[PATCH v6 8/9] soc: qcom: apr: Avoid string overflow
From: Niklas Cassel
Date: Wed Aug 29 2018 - 03:58:11 EST
'adev->name' is used as a NUL-terminated string, but using strncpy() with the
length equal to the buffer size may result in lack of the termination:
In function 'apr_add_device',
inlined from 'of_register_apr_devices' at drivers//soc/qcom/apr.c:264:7,
inlined from 'apr_probe' at drivers//soc/qcom/apr.c:290:2:
drivers//soc/qcom/apr.c:222:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation]
strncpy(adev->name, np->name, APR_NAME_SIZE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This changes it to use the safer strscpy() instead.
Signed-off-by: Niklas Cassel <niklas.cassel@xxxxxxxxxx>
---
drivers/soc/qcom/apr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/soc/qcom/apr.c b/drivers/soc/qcom/apr.c
index 57af8a537332..ee9197f5aae9 100644
--- a/drivers/soc/qcom/apr.c
+++ b/drivers/soc/qcom/apr.c
@@ -219,9 +219,9 @@ static int apr_add_device(struct device *dev, struct device_node *np,
adev->domain_id = id->domain_id;
adev->version = id->svc_version;
if (np)
- strncpy(adev->name, np->name, APR_NAME_SIZE);
+ strscpy(adev->name, np->name, APR_NAME_SIZE);
else
- strncpy(adev->name, id->name, APR_NAME_SIZE);
+ strscpy(adev->name, id->name, APR_NAME_SIZE);
dev_set_name(&adev->dev, "aprsvc:%s:%x:%x", adev->name,
id->domain_id, id->svc_id);
--
2.17.1