[PATCH 16/25] net: sh_eth: ensure mdiodev->name is NULL terminated after MDIO_NAME_LEN truncation

Vladimir Oltean vladimir.oltean at nxp.com
Mon Sep 27 13:21:56 CEST 2021


strncpy() simply bails out when copying a source string whose size
exceeds the destination string size, potentially leaving the destination
string unterminated.

One possible way to address is to pass MDIO_NAME_LEN - 1 and a
previously zero-initialized destination string, but this is more
difficult to maintain.

The chosen alternative is to use strlcpy(), which properly limits the
copy len in the (srclen >= size) case to "size - 1", and which is also
more efficient than the strncpy() byte-by-byte implementation by using
memcpy. The destination string returned by strlcpy() is always NULL
terminated.

Signed-off-by: Vladimir Oltean <vladimir.oltean at nxp.com>
---
 drivers/net/sh_eth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/sh_eth.c b/drivers/net/sh_eth.c
index 3143a5813a6d..4055f07b2feb 100644
--- a/drivers/net/sh_eth.c
+++ b/drivers/net/sh_eth.c
@@ -657,7 +657,7 @@ int sh_eth_initialize(struct bd_info *bd)
 	mdiodev = mdio_alloc();
 	if (!mdiodev)
 		return -ENOMEM;
-	strncpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
+	strlcpy(mdiodev->name, dev->name, MDIO_NAME_LEN);
 	mdiodev->read = bb_miiphy_read;
 	mdiodev->write = bb_miiphy_write;
 
-- 
2.25.1



More information about the U-Boot mailing list