Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2024-12-29 09:12:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bus: fsl-mc: Replace deprecated strncpy() with strscpy_pad()

Browse Source 
`strncpy` is deprecated for use on NUL-terminated destination strings [1].

We need to prefer more robust and less ambiguous string interfaces.

`obj_desc->(type|label)` are expected to be NUL-terminated strings as
per "include/linux/fsl/mc.h +143"
| ...
|  * struct fsl_mc_obj_desc - Object descriptor
|  * @type: Type of object: NULL terminated string
| ...

It seems `cmd_params->obj_type` is also expected to be a NUL-terminated string.

A suitable replacement is `strscpy_pad` due to the fact that it
guarantees NUL-termination on the destination buffer whilst keeping the
NUL-padding behavior that `strncpy` provides.

Padding may not strictly be necessary but let's opt to keep it as this
ensures no functional change.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230912-strncpy-drivers-bus-fsl-mc-dprc-c-v1-1-cdb56aa3f4f4@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Justin Stitt 2023-09-12 22:52:04 +00:00 committed by Kees Cook
parent a952abcdaa
commit de055e6116
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
drivers/bus/fsl-mc/dprc.c
View File

@ -450,10 +450,8 @@ int dprc_get_obj(struct fsl_mc_io *mc_io,
obj_desc->ver_major = le16_to_cpu(rsp_params->version_major);
obj_desc->ver_minor = le16_to_cpu(rsp_params->version_minor);
obj_desc->flags = le16_to_cpu(rsp_params->flags);
strncpy(obj_desc->type, rsp_params->type, 16);
obj_desc->type[15] = '\0';
strncpy(obj_desc->label, rsp_params->label, 16);
obj_desc->label[15] = '\0';
strscpy_pad(obj_desc->type, rsp_params->type, 16);
strscpy_pad(obj_desc->label, rsp_params->label, 16);
return 0;
}
EXPORT_SYMBOL_GPL(dprc_get_obj);
@ -491,8 +489,7 @@ int dprc_set_obj_irq(struct fsl_mc_io *mc_io,
cmd_params->irq_addr = cpu_to_le64(irq_cfg->paddr);
cmd_params->irq_num = cpu_to_le32(irq_cfg->irq_num);
cmd_params->obj_id = cpu_to_le32(obj_id);
strncpy(cmd_params->obj_type, obj_type, 16);
cmd_params->obj_type[15] = '\0';
strscpy_pad(cmd_params->obj_type, obj_type, 16);
/* send command to mc*/
return mc_send_command(mc_io, &cmd);
@ -564,8 +561,7 @@ int dprc_get_obj_region(struct fsl_mc_io *mc_io,
cmd_params = (struct dprc_cmd_get_obj_region *)cmd.params;
cmd_params->obj_id = cpu_to_le32(obj_id);
cmd_params->region_index = region_index;
strncpy(cmd_params->obj_type, obj_type, 16);
cmd_params->obj_type[15] = '\0';
strscpy_pad(cmd_params->obj_type, obj_type, 16);
/* send command to mc*/
err = mc_send_command(mc_io, &cmd);