soc: renesas: Prefer memcpy() over strcpy()

strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. So, use memcpy() as a safe replacement.

This is a previous step in the path to remove the strcpy() function
entirely from the kernel.

Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210808125012.4715-3-len.baker@gmx.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>

diff --git a/drivers/soc/renesas/r8a779a0-sysc.c b/drivers/soc/renesas/r8a779a0-sysc.c
index d464ffa..7410b9f 100644 (file)
--- a/drivers/soc/renesas/r8a779a0-sysc.c
+++ b/drivers/soc/renesas/r8a779a0-sysc.c
@@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void)
        for (i = 0; i < info->num_areas; i++) {
                const struct r8a779a0_sysc_area *area = &info->areas[i];
                struct r8a779a0_sysc_pd *pd;
+               size_t n;
 
                if (!area->name) {
                        /* Skip NULLified area */
                        continue;
                }
 
-               pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL);
+               n = strlen(area->name) + 1;
+               pd = kzalloc(sizeof(*pd) + n, GFP_KERNEL);
                if (!pd) {
                        error = -ENOMEM;
                        goto out_put;
                }
 
-               strcpy(pd->name, area->name);
+               memcpy(pd->name, area->name, n);
                pd->genpd.name = pd->name;
                pd->pdr = area->pdr;
                pd->flags = area->flags;

diff --git a/drivers/soc/renesas/rcar-sysc.c b/drivers/soc/renesas/rcar-sysc.c
index 53387a7..b0a80de 100644 (file)
--- a/drivers/soc/renesas/rcar-sysc.c
+++ b/drivers/soc/renesas/rcar-sysc.c
@@ -396,19 +396,21 @@ static int __init rcar_sysc_pd_init(void)
        for (i = 0; i < info->num_areas; i++) {
                const struct rcar_sysc_area *area = &info->areas[i];
                struct rcar_sysc_pd *pd;
+               size_t n;
 
                if (!area->name) {
                        /* Skip NULLified area */
                        continue;
                }
 
-               pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL);
+               n = strlen(area->name) + 1;
+               pd = kzalloc(sizeof(*pd) + n, GFP_KERNEL);
                if (!pd) {
                        error = -ENOMEM;
                        goto out_put;
                }
 
-               strcpy(pd->name, area->name);
+               memcpy(pd->name, area->name, n);
                pd->genpd.name = pd->name;
                pd->ch.chan_offs = area->chan_offs;
                pd->ch.chan_bit = area->chan_bit;