On Mon, Sep 27, 2021 at 2:22 PM Vladimir Oltean <vladimir.olt...@nxp.com> wrote:
>
> strncpy() simply bails out when copying a source string whose size
> exceeds the destination string size, potentially leaving the destination
> string unterminated.
>
> One possible way to address is to pass MDIO_NAME_LEN - 1 and a
> previously zero-initialized destination string, but this is more
> difficult to maintain.
>
> The chosen alternative is to use strlcpy(), which properly limits the
> copy len in the (srclen >= size) case to "size - 1", and which is also
> more efficient than the strncpy() byte-by-byte implementation by using
> memcpy. The destination string returned by strlcpy() is always NULL
> terminated.
>
> Signed-off-by: Vladimir Oltean <vladimir.olt...@nxp.com>
> ---
>  drivers/net/sh_eth.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/sh_eth.c b/drivers/net/sh_eth.c
> index 3143a5813a6d..4055f07b2feb 100644
> --- a/drivers/net/sh_eth.c
> +++ b/drivers/net/sh_eth.c
> @@ -657,7 +657,7 @@ int sh_eth_initialize(struct bd_info *bd)
>         mdiodev = mdio_alloc();
>         if (!mdiodev)
>                 return -ENOMEM;
> -       strncpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
> +       strlcpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
>         mdiodev->read = bb_miiphy_read;
>         mdiodev->write = bb_miiphy_write;
>
> --
> 2.25.1
>
Reviewed-by: Ramon Fried <rfried....@gmail.com>

Reply via email to