strncpy() simply bails out when copying a source string whose size exceeds the destination string size, potentially leaving the destination string unterminated.
One possible way to address is to pass MDIO_NAME_LEN - 1 and a previously zero-initialized destination string, but this is more difficult to maintain. The chosen alternative is to use strlcpy(), which properly limits the copy len in the (srclen >= size) case to "size - 1", and which is also more efficient than the strncpy() byte-by-byte implementation by using memcpy. The destination string returned by strlcpy() is always NULL terminated. Signed-off-by: Vladimir Oltean <[email protected]> --- drivers/net/bcm-sf2-eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/bcm-sf2-eth.c b/drivers/net/bcm-sf2-eth.c index c862c141461c..88dc3ab38466 100644 --- a/drivers/net/bcm-sf2-eth.c +++ b/drivers/net/bcm-sf2-eth.c @@ -250,7 +250,7 @@ int bcm_sf2_eth_register(struct bd_info *bis, u8 dev_num) if (!mdiodev) return -ENOMEM; - strncpy(mdiodev->name, dev->name, MDIO_NAME_LEN); + strlcpy(mdiodev->name, dev->name, MDIO_NAME_LEN); mdiodev->read = eth->miiphy_read; mdiodev->write = eth->miiphy_write; -- 2.25.1
