[PATCH] bnxt_en: avoid string overflow for record->system_name
From: Arnd Bergmann
Date: Mon Aug 13 2018 - 17:27:10 EST
The utsname()->nodename string may be 64 bytes long, and it gets
copied without the trailing nul byte into the shorter record->system_name,
as gcc now warns:
In file included from include/linux/bitmap.h:9,
from include/linux/ethtool.h:16,
from drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:13:
In function 'strncpy',
inlined from 'bnxt_fill_coredump_record' at drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2863:2:
include/linux/string.h:254:9: error: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
Using strlcpy() at least avoids overflowing the destination buffer
and adds proper nul-termination. It may still truncate long names
though, which probably can't be solved here.
Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.")
Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
---
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index b1602ea64372..e52d7af3ab3e 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -2860,8 +2860,8 @@ bnxt_fill_coredump_record(struct bnxt *bp, struct bnxt_coredump_record *record,
record->low_version = 0;
record->high_version = 1;
record->asic_state = 0;
- strncpy(record->system_name, utsname()->nodename,
- strlen(utsname()->nodename));
+ strlcpy(record->system_name, utsname()->nodename,
+ sizeof(record->system_name));
record->year = cpu_to_le16(tm.tm_year);
record->month = cpu_to_le16(tm.tm_mon);
record->day = cpu_to_le16(tm.tm_mday);
--
2.18.0