2014-06-04 21:28:48

by Rickard Strandqvist

[permalink] [raw]

Subject: [PATCH] net: ethernet: intel: ixgbe: ixgbe_main.c: Cleaning up missing null-terminate after strncpy call

---

Added a guaranteed null-terminate after call to strncpy.

This was partly found using a static code analysis program called cppcheck.

Signed-off-by: Rickard Strandqvist <[email protected]>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index d62e7a2..58322e4 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -8237,8 +8237,10 @@ skip_sriov:
ixgbe_check_minimum_link(adapter, expected_gts);

err = ixgbe_read_pba_string_generic(hw, part_str, IXGBE_PBANUM_LENGTH);
- if (err)
+ if (err) {
strncpy(part_str, "Unknown", IXGBE_PBANUM_LENGTH);
+ part_str[sizeof(part_str) - 1] = '\0';
+ }
if (ixgbe_is_sfp(hw) && hw->phy.sfp_type != ixgbe_sfp_type_not_present)
e_dev_info("MAC: %d, PHY: %d, SFP+: %d, PBA No: %s\n",
hw->mac.type, hw->phy.type, hw->phy.sfp_type,
--
1.7.10.4

2014-06-04 21:55:16

by Joe Perches

[permalink] [raw]

Subject: Re: [PATCH] net: ethernet: intel: ixgbe: ixgbe_main.c: Cleaning up missing null-terminate after strncpy call

---

On Wed, 2014-06-04 at 23:29 +0200, Rickard Strandqvist wrote:
> Added a guaranteed null-terminate after call to strncpy.

Perhaps all of these should be strlcpy

2014-06-04 22:14:08

by Rustad, Mark D

[permalink] [raw]

Subject: Re: [E1000-devel] [PATCH] net: ethernet: intel: ixgbe: ixgbe_main.c: Cleaning up missing null-terminate after strncpy call

---

On Jun 4, 2014, at 2:55 PM, Joe Perches <[email protected]> wrote:

> On Wed, 2014-06-04 at 23:29 +0200, Rickard Strandqvist wrote:
>> Added a guaranteed null-terminate after call to strncpy.
>
> Perhaps all of these should be strlcpy

The code that is there seems fine. The length of the array exceeds the length of the literal, and the strncpy ensures that the entire buffer is initialized so no information can possibly leak from the kernel.

I think this is fine as it is without any patch.

--
Mark Rustad, Networking Division, Intel Corporation

2014-06-04 23:45:47

by Jeff Kirsher

[permalink] [raw]

Subject: Re: [linux-nics] [PATCH] net: ethernet: intel: ixgbe: ixgbe_main.c: Cleaning up missing null-terminate after strncpy call

---

On Wed, 2014-06-04 at 23:29 +0200, Rickard Strandqvist wrote:
> Added a guaranteed null-terminate after call to strncpy.
>
> This was partly found using a static code analysis program called
> cppcheck.
>
> Signed-off-by: Rickard Strandqvist
> <[email protected]>
> ---
> drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)

NAK, I won't be picking this patch up based on Mark's and Joe's
feedback.

---

Attachments:

signature.asc (836.00 B)
This is a digitally signed message part