xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

net/ethernet/qlogic/qed: force the string buffer NULL-terminated

Browse Source 
strncpy() does not ensure NULL-termination when the input string
size equals to the destination buffer size 30.
The output string is passed to qed_int_deassertion_aeu_bit()
which calls DP_INFO() and relies NULL-termination.

Use strlcpy instead. The other conditional branch above strncpy()
needs no fix as snprintf() ensures NULL-termination.

This issue is identified by a Coccinelle script.

Signed-off-by: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Wang Xiayang
2019-07-31 16:15:42 +08:00
committed by David S. Miller
parent ea443e5e98
commit 3690c8c9a8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/ethernet/qlogic/qed/qed_int.c
View File

@@ -1093,7 +1093,7 @@ static int qed_int_deassertion(struct qed_hwfn *p_hwfn,
snprintf(bit_name, 30, snprintf(bit_name, 30,
p_aeu->bit_name, num); p_aeu->bit_name, num);
else else
strncpy(bit_name, strlcpy(bit_name,
p_aeu->bit_name, 30); p_aeu->bit_name, 30);
/* We now need to pass bitmask in its /* We now need to pass bitmask in its