diff options
| author | Jakub Kicinski <[email protected]> | 2018-07-17 21:32:24 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2018-07-18 22:24:04 +0000 |
| commit | f15f084ff11519172c67fac4dde61daf4e9ad345 (patch) | |
| tree | ecf317e3e5924b4a3fdc3f4fe6ca534eb8f68e3d /net/tipc | |
| parent | tc-tests: initial version of fw filter unit tests (diff) | |
| download | kernel-f15f084ff11519172c67fac4dde61daf4e9ad345.tar.gz kernel-f15f084ff11519172c67fac4dde61daf4e9ad345.zip | |
pktgen: convert safe uses of strncpy() to strcpy() to avoid string truncation warning
GCC 8 complains:
net/core/pktgen.c: In function ‘pktgen_if_write’:
net/core/pktgen.c:1419:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->src_max, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/pktgen.c:1399:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->src_min, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/pktgen.c:1290:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->dst_max, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/pktgen.c:1268:4: warning: ‘strncpy’ output may be truncated copying between 0 and 31 bytes from a string of length 127 [-Wstringop-truncation]
strncpy(pkt_dev->dst_min, buf, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There is no bug here, but the code is not perfect either. It copies
sizeof(pkt_dev->/member/) - 1 from user space into buf, and then does
a strcmp(pkt_dev->/member/, buf) hence assuming buf will be null-terminated
and shorter than pkt_dev->/member/ (pkt_dev->/member/ is never
explicitly null-terminated, and strncpy() doesn't have to null-terminate
so the assumption must be on buf). The use of strncpy() without explicit
null-termination looks suspicious. Convert to use straight strcpy().
strncpy() would also null-pad the output, but that's clearly unnecessary
since the author calls memset(pkt_dev->/member/, 0, sizeof(..)); prior
to strncpy(), anyway.
While at it format the code for "dst_min", "dst_max", "src_min" and
"src_max" in the same way by removing extra new lines in one case.
Signed-off-by: Jakub Kicinski <[email protected]>
Reviewed-by: Jiong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'net/tipc')
0 files changed, 0 insertions, 0 deletions