board: gdsys: a38x: ensure mdiodev->name is NULL terminated after MDIO_NAME_LEN trunc...

strncpy() simply bails out when copying a source string whose size
exceeds the destination string size, potentially leaving the destination
string unterminated.

One possible way to address is to pass MDIO_NAME_LEN - 1 and a
previously zero-initialized destination string, but this is more
difficult to maintain.

The chosen alternative is to use strlcpy(), which properly limits the
copy len in the (srclen >= size) case to "size - 1", and which is also
more efficient than the strncpy() byte-by-byte implementation by using
memcpy. The destination string returned by strlcpy() is always NULL
terminated.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>

diff --git a/board/gdsys/a38x/ihs_phys.c b/board/gdsys/a38x/ihs_phys.c
index c23d150..e09c000 100644 (file)
--- a/board/gdsys/a38x/ihs_phys.c
+++ b/board/gdsys/a38x/ihs_phys.c
@@ -110,9 +110,7 @@ int register_miiphy_bus(uint k, struct mii_dev **bus)
 
        if (!mdiodev)
                return -ENOMEM;
-       strncpy(mdiodev->name,
-               name,
-               MDIO_NAME_LEN);
+       strlcpy(mdiodev->name, name, MDIO_NAME_LEN);
        mdiodev->read = bb_miiphy_read;
        mdiodev->write = bb_miiphy_write;