projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 041878d)
staging/vc04_services: Remove all strcpy() uses in favor of strscpy()
authorLen Baker <len.baker@gmx.com>
Sun, 18 Jul 2021 13:12:17 +0000 (15:12 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Jul 2021 15:26:30 +0000 (17:26 +0200)
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().

Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210718131217.3806-1-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c patch | blob | history
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c patch | blob | history

diff --git a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
index df90c1f9d148312502bba9468fcfe3f9557c54f6..1b184d5c6b822b953127c63373346dccbbf748dd 100644 (file)
--- a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
+++ b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
@@ -884,7 +884,7 @@ static int vidioc_querycap(struct file *file, void *priv,
 
        vchiq_mmal_version(dev->instance, &major, &minor);
 
-       strcpy((char *)cap->driver, "bm2835 mmal");
+       strscpy(cap->driver, "bm2835 mmal", sizeof(cap->driver));
        snprintf((char *)cap->card, sizeof(cap->card), "mmal service %d.%d",
                 major, minor);
 
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
index 4f43e4213bfecaf4b782427c85eecc899d297a4a..9429b8a642fbbe4030cb2db15f17838bbb1f6265 100644 (file)
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
@@ -3716,7 +3716,7 @@ int vchiq_dump_service_state(void *dump_context, struct vchiq_service *service)
                                        sizeof(remoteport) - len2,
                                        " (client %x)", service->client_id);
                } else {
-                       strcpy(remoteport, "n/a");
+                       strscpy(remoteport, "n/a", sizeof(remoteport));
                }
 
                len += scnprintf(buf + len, sizeof(buf) - len,
ep93xx device tree rework repo: git://git.maquefel.me/linux.git