From: Kees Cook <[email protected]>
Date: Thu, 7 Aug 2025 15:00:24 -0700

> On Thu, Aug 07, 2025 at 03:31:05PM +0200, Alexander Lobakin wrote:
>> Sure, lots of drivers use normal string copy functions etc.
>> But Ethtool strings *must* be NUL-terminated, so this fixed-size +
>> memcpy() only hurts.
>
> This is the misunderstanding: they're only NUL padded, but not strictly
> NUL terminated. You can see ethtool itself has to be careful with the
> strings, limiting the fprintf to their sizeof():
>
> https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/ethtool.c#n1013
>
> or using strncmp everywhere.

Maybe we should add a check to the Ethtool core that every 32nd array
symbol == \0 to detect misbehaving drivers like this one :D

Thanks,
Olek
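
The two points in this exchange, reading a NUL-padded slot without running past it and flagging slots whose last byte is not `\0`, shown as an added example that is not part of the original message and is not ethtool or kernel code. `GSTRING_LEN` (32, matching "every 32nd" above), the helper names and the sample table are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GSTRING_LEN 32  /* assumed slot size; one string per 32-byte slot */

/* Length of the name in one slot, never reading beyond the slot. */
static size_t slot_strlen(const char *slot)
{
    const char *nul = memchr(slot, '\0', GSTRING_LEN);
    return nul ? (size_t)(nul - slot) : GSTRING_LEN;
}

/* Index of the first slot whose last byte is not NUL, or -1 if none. */
static long first_unterminated(const char *buf, size_t nslots)
{
    for (size_t i = 0; i < nslots; i++)
        if (buf[i * GSTRING_LEN + GSTRING_LEN - 1] != '\0')
            return (long)i;
    return -1;
}

/* Bounded copy into out (outsz must exceed GSTRING_LEN); returns length.
 * The precision caps the read at the slot size, so no NUL is required. */
static size_t slot_format(const char *slot, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%.*s", GSTRING_LEN, slot);
    return n < 0 ? 0 : (size_t)n;
}

/* Constructed sample: three slots; the middle name fills all 32 bytes. */
static void build_sample(char *buf)
{
    static const char *names[3] = {
        "rx_packets", "rx_queue_0_xdp_redirect_failures", "tx_bytes" };
    memset(buf, 0, 3 * GSTRING_LEN);            /* NUL padding */
    for (size_t i = 0; i < 3; i++) {
        size_t n = strlen(names[i]);
        memcpy(buf + i * GSTRING_LEN, names[i],
               n < GSTRING_LEN ? n : GSTRING_LEN);
    }
}

int main(void)
{
    char buf[3 * GSTRING_LEN], out[GSTRING_LEN + 1];
    build_sample(buf);
    for (size_t i = 0; i < 3; i++) {
        slot_format(buf + i * GSTRING_LEN, out, sizeof(out));
        printf("slot %zu: len=%zu \"%s\"\n", i,
               slot_strlen(buf + i * GSTRING_LEN), out);
    }
    printf("first unterminated slot: %ld\n", first_unterminated(buf, 3));
    return 0;
}
```

The middle slot is valid as a NUL-padded field but would be reported by the "last byte == `\0`" check, which is the distinction the quoted reply draws.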
