On Fri, May 7, 2021 at 9:04 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > While the buffer should be large enough (IB_DEVICE_NAME_MAX) for all > InfiniBand device names, it's better to be defensive and ensure the > string will be null-terminated even if the hook happens to receive a > longer name. > > Found by a Coverity scan (BUFFER_SIZE warning). > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > security/selinux/hooks.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 92f909a2e8f7..ec14ed56f508 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -6864,7 +6864,7 @@ static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name, > return err; > > ad.type = LSM_AUDIT_DATA_IBENDPORT; > - strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name)); > + strlcpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name)); The kernel preference these days appears to be to use strscpy() instead of strlcpy(); if we are going to change it, let's change it to strscpy(). -- paul moore www.paul-moore.com
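Review bot: In the selinux_ib_endport_manage_subnet() hunk, the replacement for strncpy() should be strscpy() rather than strlcpy(). strlcpy() calls strlen() on the source to compute its return value, so it walks all of dev_name however long it is, which is the over-long-name case the commit message wants to be defensive about. strscpy() reads no more than the destination size and still guarantees NUL termination. Suggested line: `strscpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));`. Two things to check with that change: strncpy() zero-filled the rest of the buffer and strscpy() does not, so use strscpy_pad() if anything reads ibendport.dev_name past the terminator and the struct is not zeroed elsewhere (its initialization is not visible in this hunk). The return value is also ignored, so a truncated device name would reach the audit record silently; strscpy() returns -E2BIG on truncation, which gives a cheap place to detect it.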