From 7616240b4dd6b8322b79327f45150e0cc0bf6a79 Mon Sep 17 00:00:00 2001 From: Vladimir Oltean Date: Mon, 27 Sep 2021 14:21:56 +0300 Subject: [PATCH] net: sh_eth: ensure mdiodev->name is NULL terminated after MDIO_NAME_LEN truncation strncpy() simply bails out when copying a source string whose size exceeds the destination string size, potentially leaving the destination string unterminated. One possible way to address is to pass MDIO_NAME_LEN - 1 and a previously zero-initialized destination string, but this is more difficult to maintain. The chosen alternative is to use strlcpy(), which properly limits the copy len in the (srclen >= size) case to "size - 1", and which is also more efficient than the strncpy() byte-by-byte implementation by using memcpy. The destination string returned by strlcpy() is always NULL terminated. Signed-off-by: Vladimir Oltean Reviewed-by: Ramon Fried --- drivers/net/sh_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/sh_eth.c b/drivers/net/sh_eth.c index 3143a58..4055f07 100644 --- a/drivers/net/sh_eth.c +++ b/drivers/net/sh_eth.c @@ -657,7 +657,7 @@ int sh_eth_initialize(struct bd_info *bd) mdiodev = mdio_alloc(); if (!mdiodev) return -ENOMEM; - strncpy(mdiodev->name, dev->name, MDIO_NAME_LEN); + strlcpy(mdiodev->name, dev->name, MDIO_NAME_LEN); mdiodev->read = bb_miiphy_read; mdiodev->write = bb_miiphy_write; -- 2.7.4