LinuxLists.cc - Re: [PATCH v1 2/2] net: ethernet: mtk_eth

2021-06-13 12:22:42

Subject: Re: [PATCH v1 2/2] net: ethernet: mtk_eth_soc: Support custom ifname

On Sun, Jun 13, 2021 at 01:58:19PM +0200, Reto Schneider wrote:
> diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
> index 64adfd24e134..8bb09801918f 100644
> --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
> +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
> @@ -2948,6 +2948,7 @@ static const struct net_device_ops mtk_netdev_ops = {
> static int mtk_add_mac(struct mtk_eth *eth, struct device_node *np)
> {
> const __be32 *_id = of_get_property(np, "reg", NULL);
> + const char *const name = of_get_property(np, "label", NULL);
> phy_interface_t phy_mode;
> struct phylink *phylink;
> struct mtk_mac *mac;
> @@ -3020,6 +3021,9 @@ static int mtk_add_mac(struct mtk_eth *eth, struct device_node *np)
>
> mac->phylink = phylink;
>
> + if (name)
> + strncpy(eth->netdev[id]->name, name, IFNAMSIZ);

Please don't use strncpy() - this is a good example why strncpy() is bad
news.

* strncpy - Copy a length-limited, C-string
* @dest: Where to copy the string to
* @src: Where to copy the string from
* @count: The maximum number of bytes to copy
*
* The result is not %NUL-terminated if the source exceeds
* @count bytes.

Consequently, if "name" is IFNAMSIZ bytes or longer,
eth->netdev[id]->name will not be NUL terminated, and subsequent use
will run off the end of the string. strscpy() is safer to use here.

Thanks.

--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!

2021-06-13 13:56:06

by Reto Schneider

[permalink] [raw]

Subject: Re: [PATCH v1 2/2] net: ethernet: mtk_eth_soc: Support custom ifname

Hi Russell,

On 13.06.21 14:20, Russell King (Oracle) wrote:
> Please don't use strncpy() - this is a good example why strncpy() is bad
> news.
>
> * strncpy - Copy a length-limited, C-string
> * @dest: Where to copy the string to
> * @src: Where to copy the string from
> * @count: The maximum number of bytes to copy
> *
> * The result is not %NUL-terminated if the source exceeds
> * @count bytes.
>
> Consequently, if "name" is IFNAMSIZ bytes or longer,
> eth->netdev[id]->name will not be NUL terminated, and subsequent use
> will run off the end of the string. strscpy() is safer to use here.

Thanks a lot for finding this (embarrassing mistake) and pointing me in
the right direction (did dot know about strscpy).

Will send v2 soon.

Kind regards,
Reto