review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	David Herrmann <dh.herrmann@gmail.com>
	Wed, 14 Nov 2018 13:16:42 +0000 (14:16 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 13 Dec 2018 08:16:13 +0000 (09:16 +0100)
commit	699faa9cf00c0f0b8a07ad71ee2d86eadad3cabe
tree	c1f3f631f0feda684e3971ad6811a12810014f44	tree \| snapshot
parent	0799feafeb1b633442432810d8107fb0367dc37a	commit \| diff

Revert "HID: uhid: use strlcpy() instead of strncpy()"

[ Upstream commit 4d26d1d1e8065bb3326a7c06d5d4698e581443a9 ]

This reverts commit 336fd4f5f25157e9e8bd50e898a1bbcd99eaea46.

Please note that `strlcpy()` does *NOT* do what you think it does.
strlcpy() *ALWAYS* reads the full input string, regardless of the
'length' parameter. That is, if the input is not zero-terminated,
strlcpy() will *READ* beyond input boundaries. It does this, because it
always returns the size it *would* copy if the target was big enough,
not the truncated size it actually copied.

The original code was perfectly fine. The hid device is
zero-initialized and the strncpy() functions copied up to n-1
characters. The result is always zero-terminated this way.

This is the third time someone tried to replace strncpy with strlcpy in
this function, and gets it wrong. I now added a comment that should at
least make people reconsider.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>