On Thu, Dec 29, 2022 at 12:45:10PM +0300, Dan Carpenter wrote: > On Mon, Dec 26, 2022 at 07:03:24PM +0800, yang.yang29@xxxxxxxxxx wrote: > > From: Xu Panda <xu.panda@xxxxxxxxxx> > > > > The implementation of strscpy() is more robust and safer. > > That's now the recommended way to copy NUL-terminated strings. > > > > Signed-off-by: Xu Panda <xu.panda@xxxxxxxxxx> > > Signed-off-by: Yang Yang <yang.yang29@xxxxxxx> > > --- > > drivers/staging/ks7010/ks_wlan_net.c | 3 +-- > > 1 file changed, 1 insertion(+), 2 deletions(-) > > > > diff --git a/drivers/staging/ks7010/ks_wlan_net.c b/drivers/staging/ks7010/ks_wlan_net.c > > index 044c807ca022..e03c87f0bfe7 100644 > > --- a/drivers/staging/ks7010/ks_wlan_net.c > > +++ b/drivers/staging/ks7010/ks_wlan_net.c > > @@ -382,8 +382,7 @@ static int ks_wlan_get_nick(struct net_device *dev, > > return -EPERM; > > > > /* for SLEEP MODE */ > > - strncpy(extra, priv->nick, 16); > > - extra[16] = '\0'; > > + strscpy(extra, priv->nick, 17); > > I think this code is a buffer overflow. This is an implementation of > SIOCGIWNICKN. Huh... Maybe I'm wrong. I looked at a couple other implementations of SIOCGIWNICKN and they all seem to assume a 17 character buffer... Let me look deeper. I guess for now assume I am wrong. regards, dan carpenter
