| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Oct 2020 17:10:19 +0100
From: Arnd Bergmann <arnd@...nel.org>
To: Thierry Reding <thierry.reding@...il.com>,
Jonathan Hunter <jonathanh@...dia.com>
Cc: Arnd Bergmann <arnd@...db.de>, Thierry Reding <treding@...dia.com>,
Timo Alho <talho@...dia.com>, linux-tegra@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] firmware: tegra: fix strncpy()/strncat() confusion
From: Arnd Bergmann <arnd@...db.de>
The way that bpmp_populate_debugfs_inband() uses strncpy()
and strncat() makes no sense since the size argument for
the first is insufficient to contain the trailing '/'
and the second passes the length of the input rather than
the output, which triggers a warning:
In function 'strncat',
inlined from 'bpmp_populate_debugfs_inband' at ../drivers/firmware/tegra/bpmp-debugfs.c:422:4:
include/linux/string.h:289:30: warning: '__builtin_strncat' specified bound depends on the length of the source argument [-Wstringop-overflow=]
289 | #define __underlying_strncat __builtin_strncat
| ^
include/linux/string.h:367:10: note: in expansion of macro '__underlying_strncat'
367 | return __underlying_strncat(p, q, count);
| ^~~~~~~~~~~~~~~~~~~~
drivers/firmware/tegra/bpmp-debugfs.c: In function 'bpmp_populate_debugfs_inband':
include/linux/string.h:288:29: note: length computed here
288 | #define __underlying_strlen __builtin_strlen
| ^
include/linux/string.h:321:10: note: in expansion of macro '__underlying_strlen'
321 | return __underlying_strlen(p);
Simplify this to use an snprintf() instead.
Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
drivers/firmware/tegra/bpmp-debugfs.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
index c1bbba9ee93a..9ec20ddc9a6b 100644
--- a/drivers/firmware/tegra/bpmp-debugfs.c
+++ b/drivers/firmware/tegra/bpmp-debugfs.c
@@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
goto out;
}
- len = strlen(ppath) + strlen(name) + 1;
+ len = snprintf("%s%s/", pathlen, ppath, name);
if (len >= pathlen) {
err = -EINVAL;
goto out;
}
- strncpy(pathbuf, ppath, pathlen);
- strncat(pathbuf, name, strlen(name));
- strcat(pathbuf, "/");
-
err = bpmp_populate_debugfs_inband(bpmp, dentry,
pathbuf);
if (err < 0)
--
2.27.0
Powered by blists - more mailing lists