The sample userspace firmware-management tool uses strncpy() to copy firmware tags. strncpy() does not guarantee null-termination and can leave buffers unterminated. For userspace code, strlcpy() is the recommended safe alternative.
Replace all strncpy() calls with strlcpy().
Signed-off-by: Dharanitharan dharanitharan725@gmail.com --- .../greybus/Documentation/firmware/firmware.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/greybus/Documentation/firmware/firmware.c b/drivers/staging/greybus/Documentation/firmware/firmware.c index 3b35ef6d4adb..224eb8f4e39c 100644 --- a/drivers/staging/greybus/Documentation/firmware/firmware.c +++ b/drivers/staging/greybus/Documentation/firmware/firmware.c @@ -63,8 +63,9 @@ static int update_intf_firmware(int fd) intf_load.major = 0; intf_load.minor = 0;
- strncpy((char *)&intf_load.firmware_tag, firmware_tag, - GB_FIRMWARE_U_TAG_MAX_SIZE); + strlcpy(intf_load.firmware_tag, firmware_tag, + GB_FIRMWARE_U_TAG_MAX_SIZE); +
ret = ioctl(fd, FW_MGMT_IOC_INTF_LOAD_AND_VALIDATE, &intf_load); if (ret < 0) { @@ -101,8 +102,9 @@ static int update_backend_firmware(int fd) /* Get Backend Firmware Version */ printf("Getting Backend Firmware Version\n");
- strncpy((char *)&backend_fw_info.firmware_tag, firmware_tag, - GB_FIRMWARE_U_TAG_MAX_SIZE); + strlcpy(backend_fw_info.firmware_tag, firmware_tag, + GB_FIRMWARE_U_TAG_MAX_SIZE); +
retry_fw_version: ret = ioctl(fd, FW_MGMT_IOC_GET_BACKEND_FW, &backend_fw_info); @@ -129,8 +131,8 @@ static int update_backend_firmware(int fd) /* Try Backend Firmware Update over Unipro */ printf("Updating Backend Firmware\n");
- strncpy((char *)&backend_update.firmware_tag, firmware_tag, - GB_FIRMWARE_U_TAG_MAX_SIZE); + strlcpy(backend_update.firmware_tag, firmware_tag, + GB_FIRMWARE_U_TAG_MAX_SIZE);
retry_fw_update: backend_update.status = 0;