Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754046AbcLFRII (ORCPT ); Tue, 6 Dec 2016 12:08:08 -0500 Received: from muru.com ([72.249.23.125]:53262 "EHLO muru.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754006AbcLFRIG (ORCPT ); Tue, 6 Dec 2016 12:08:06 -0500 Date: Tue, 6 Dec 2016 09:08:00 -0800 From: Tony Lindgren To: Maninder Singh Cc: bcousson@baylibre.com, paul@pwsan.com, linux@armlinux.org.uk, linux-omap@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, pankaj.m@samsung.com, ajeet.y@samsung.com, Vaneet Narang Subject: Re: [PATCH v3] mach-omap2: fixing wrong strcat for Non-NULL terminated string Message-ID: <20161206170800.GB13181@atomide.com> References: <1480915633-16284-1-git-send-email-maninder1.s@samsung.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1480915633-16284-1-git-send-email-maninder1.s@samsung.com> User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1766 Lines: 55 * Maninder Singh [161204 21:32]: > Issue caught with static analysis tool: > "Dangerous usage of 'name' (strncpy doesn't always 0-terminate it)" > > Use strlcpy _includes_ the NUL terminator, and strlcat() which ensures > that it won't overflow the buffer. > > Reported-by: Maninder Singh > Signed-off-by: Vaneet Narang > Signed-off-by: Russell King I think the above should have been just: Cc: Russell King Can you please check and resend with Russell in Cc? Regards, Tony > --- > v1 -> v2: changed strncpy to strlcpy > v2 -> v3: use of strlcat as suggested by Russell to > make change clearer and simpler. > > arch/arm/mach-omap2/omap_hwmod.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c > index 759e1d4..e8b9887 100644 > --- a/arch/arm/mach-omap2/omap_hwmod.c > +++ b/arch/arm/mach-omap2/omap_hwmod.c > @@ -741,14 +741,14 @@ static int _init_main_clk(struct omap_hwmod *oh) > int ret = 0; > char name[MOD_CLK_MAX_NAME_LEN]; > struct clk *clk; > + static const char modck[] = "_mod_ck"; > > - /* +7 magic comes from '_mod_ck' suffix */ > - if (strlen(oh->name) + 7 > MOD_CLK_MAX_NAME_LEN) > + if (strlen(oh->name) >= MOD_CLK_MAX_NAME_LEN - strlen(modck)) > pr_warn("%s: warning: cropping name for %s\n", __func__, > oh->name); > > - strncpy(name, oh->name, MOD_CLK_MAX_NAME_LEN - 7); > - strcat(name, "_mod_ck"); > + strlcpy(name, oh->name, MOD_CLK_MAX_NAME_LEN - strlen(modck)); > + strlcat(name, modck, MOD_CLK_MAX_NAME_LEN); > > clk = clk_get(NULL, name); > if (!IS_ERR(clk)) { > -- > 1.9.1 >