mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-30 08:02:30 +00:00
b6ed2f7758
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). No return values were used, so direct replacement is safe. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] https://github.com/KSPP/linux/issues/89 Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20230706175804.2249018-1-azeemshaikh38@gmail.com Signed-off-by: Kees Cook <keescook@chromium.org> # diff --git a/drivers/eisa/eisa-bus.c b/drivers/eisa/eisa-bus.c # index 713582cc27d1..33f0ba11c6ad 100644 # --- a/drivers/eisa/eisa-bus.c # +++ b/drivers/eisa/eisa-bus.c # @@ -60,7 +60,7 @@ static void __init eisa_name_device(struct eisa_device *edev) # int i; # for (i = 0; i < EISA_INFOS; i++) { # if (!strcmp(edev->id.sig, eisa_table[i].id.sig)) { # - strlcpy(edev->pretty_name, # + strscpy(edev->pretty_name, # eisa_table[i].name, # sizeof(edev->pretty_name)); # return; |
||
---|---|---|
.. | ||
.gitignore | ||
eisa-bus.c | ||
eisa.ids | ||
Kconfig | ||
Makefile | ||
pci_eisa.c | ||
virtual_root.c |