strncpy() simply bails out when copying a source string whose size
exceeds the destination string size, potentially leaving the destination
string unterminated.
One possible way to address is to pass MDIO_NAME_LEN - 1 and a
previously zero-initialized destination string, but this is more
difficult to maintain.
The chosen alternative is to use strlcpy(), which properly limits the
copy len in the (srclen >= size) case to "size - 1", and which is also
more efficient than the strncpy() byte-by-byte implementation by using
memcpy. The destination string returned by strlcpy() is always NULL
terminated.
Signed-off-by: Vladimir Oltean <vladimir.olt...@nxp.com>
---
drivers/net/mpc8xx_fec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/mpc8xx_fec.c b/drivers/net/mpc8xx_fec.c
index 282c2599d3c4..4eb826028111 100644
--- a/drivers/net/mpc8xx_fec.c
+++ b/drivers/net/mpc8xx_fec.c
@@ -160,7 +160,7 @@ int fec_initialize(struct bd_info *bis)
struct mii_dev *mdiodev = mdio_alloc();
if (!mdiodev)
return -ENOMEM;
- strncpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
+ strlcpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
mdiodev->read = fec8xx_miiphy_read;
mdiodev->write = fec8xx_miiphy_write;
--
2.25.1
