Re: [PATCH] atmel: using strlcpy() to avoid possible buffer overflows

From: Andy Shevchenko
Date: Fri Jun 29 2018 - 17:47:22 EST

Next message: Paul Moore: "[GIT PULL] SELinux fixes for v4.18 (#1)"
Previous message: Kirill A. Shutemov: "Re: [Update] Regression in 4.18 - 32-bit PowerPC crashes on boot - bisected to commit 1d40a5ea01d5"
In reply to: YueHaibing: "[PATCH] atmel: using strlcpy() to avoid possible buffer overflows"
Next in thread: Andy Shevchenko: "Re: [PATCH] atmel: using strlcpy() to avoid possible buffer overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 29, 2018 at 5:51 AM, YueHaibing <yuehaibing@xxxxxxxxxx> wrote:
> 'firmware' is a module param which may been longer than firmware_id,
> so using strlcpy() to guard against overflows

strncat() is against overflow, this does a bit more.

> priv->firmware_id[0] = '\0';
...
> if (firmware) /* module parameter */
> - strcpy(priv->firmware_id, firmware);
> + strlcpy(priv->firmware_id, firmware, sizeof(priv->firmware_id));

In either case the above '\0' is not needed.
But it looks like the intention was to use strncat() / strlcat().

--
With Best Regards,
Andy Shevchenko

Next message: Paul Moore: "[GIT PULL] SELinux fixes for v4.18 (#1)"
Previous message: Kirill A. Shutemov: "Re: [Update] Regression in 4.18 - 32-bit PowerPC crashes on boot - bisected to commit 1d40a5ea01d5"
In reply to: YueHaibing: "[PATCH] atmel: using strlcpy() to avoid possible buffer overflows"
Next in thread: Andy Shevchenko: "Re: [PATCH] atmel: using strlcpy() to avoid possible buffer overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]