On Mon, Sep 27, 2021 at 2:22 PM Vladimir Oltean <[email protected]> wrote:
>
> strncpy() simply bails out when copying a source string whose size
> exceeds the destination string size, potentially leaving the destination
> string unterminated.
>
> One possible way to address is to pass MDIO_NAME_LEN - 1 and a
> previously zero-initialized destination string, but this is more
> difficult to maintain.
>
> The chosen alternative is to use strlcpy(), which properly limits the
> copy len in the (srclen >= size) case to "size - 1", and which is also
> more efficient than the strncpy() byte-by-byte implementation by using
> memcpy. The destination string returned by strlcpy() is always NULL
> terminated.
>
> Signed-off-by: Vladimir Oltean <[email protected]>
> ---
> drivers/net/bcm-sf2-eth.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/bcm-sf2-eth.c b/drivers/net/bcm-sf2-eth.c
> index c862c141461c..88dc3ab38466 100644
> --- a/drivers/net/bcm-sf2-eth.c
> +++ b/drivers/net/bcm-sf2-eth.c
> @@ -250,7 +250,7 @@ int bcm_sf2_eth_register(struct bd_info *bis, u8 dev_num)
>
> if (!mdiodev)
> return -ENOMEM;
> - strncpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
> + strlcpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
> mdiodev->read = eth->miiphy_read;
> mdiodev->write = eth->miiphy_write;
>
> --
> 2.25.1
>
Reviewed-by: Ramon Fried <[email protected]>
