6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Azeem Shaikh azeemshaikh38@gmail.com
[ Upstream commit bf4a35e9201d30b63a8d276797d6ecfaa596ccd3 ]
strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). No return values were used, so direct replacement is safe.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] https://github.com/KSPP/linux/issues/89
Signed-off-by: Azeem Shaikh azeemshaikh38@gmail.com Reviewed-by: Kees Cook keescook@chromium.org Link: https://lore.kernel.org/r/20230523021451.2406362-1-azeemshaikh38@gmail.com Signed-off-by: Lee Jones lee@kernel.org Stable-dep-of: ccc35ff2fd29 ("leds: spi-byte: Use devm_led_classdev_register_ext()") Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/leds/flash/leds-aat1290.c | 2 +- drivers/leds/led-class.c | 2 +- drivers/leds/leds-spi-byte.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/leds/flash/leds-aat1290.c b/drivers/leds/flash/leds-aat1290.c index 589484b22c796..f12ecb2c65803 100644 --- a/drivers/leds/flash/leds-aat1290.c +++ b/drivers/leds/flash/leds-aat1290.c @@ -425,7 +425,7 @@ static void aat1290_init_v4l2_flash_config(struct aat1290_led *led, struct led_classdev *led_cdev = &led->fled_cdev.led_cdev; struct led_flash_setting *s;
- strlcpy(v4l2_sd_cfg->dev_name, led_cdev->dev->kobj.name, + strscpy(v4l2_sd_cfg->dev_name, led_cdev->dev->kobj.name, sizeof(v4l2_sd_cfg->dev_name));
s = &v4l2_sd_cfg->intensity; diff --git a/drivers/leds/led-class.c b/drivers/leds/led-class.c index 93fdca5c7dc5d..923138c808ca2 100644 --- a/drivers/leds/led-class.c +++ b/drivers/leds/led-class.c @@ -321,7 +321,7 @@ static int led_classdev_next_name(const char *init_name, char *name, int ret = 0; struct device *dev;
- strlcpy(name, init_name, len); + strscpy(name, init_name, len);
while ((ret < len) && (dev = class_find_device_by_name(leds_class, name))) { diff --git a/drivers/leds/leds-spi-byte.c b/drivers/leds/leds-spi-byte.c index 6883d3ba382f9..065a2bcb7c14b 100644 --- a/drivers/leds/leds-spi-byte.c +++ b/drivers/leds/leds-spi-byte.c @@ -97,7 +97,7 @@ static int spi_byte_probe(struct spi_device *spi) return -ENOMEM;
of_property_read_string(child, "label", &name); - strlcpy(led->name, name, sizeof(led->name)); + strscpy(led->name, name, sizeof(led->name)); led->spi = spi; mutex_init(&led->mutex); led->cdef = device_get_match_data(dev);