From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4519E54E for ; Sun, 9 Jul 2023 15:13:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F217BC433CC; Sun, 9 Jul 2023 15:13:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1688915635; bh=S31snx7GFg/oaF6O2rW/pZcSVMfGR4uWJlfGvvQMfRo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O+wYEfhAlHpEh97vQuJNUbVF8oRhVMlOiHYTD/f2YJ6KInTl0djT4CrqskOOJ3Xv1 nzhPL3r0wLYLiqBXq3zXXmBCAC1Uwjj1H1PI+hAlddQGdFLmeygqBUScG53NTwErMH qovazDAXgdnKk18E9oZzIMXoOsAXCnSYV1sJGb4+Q4UwuGWngrh1cy59LqjDrk6fkb q5ZNsywcyjCdiFhlXmgIqBpwi5xOeb4+ZsIS9c4Cb1zaSgDZR/LmhdxRwpPkj2qcmN l9R32n3LWd4cRkxLNmZ/X/r/ivKZR9gfiHRwSCShfCt9sx+lTBjF17EZF6W7LqKTRO bzBrqcviF8XCw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Hao Chen , kernel test robot , Hao Lan , Paolo Abeni , Sasha Levin , yisen.zhuang@huawei.com, salil.mehta@huawei.com, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, guoren@kernel.org, huangguangbin2@huawei.com, netdev@vger.kernel.org, linux-csky@vger.kernel.org Subject: [PATCH AUTOSEL 6.4 26/26] net: hns3: fix strncpy() not using dest-buf length as length issue Date: Sun, 9 Jul 2023 11:12:55 -0400 Message-Id: <20230709151255.512931-26-sashal@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230709151255.512931-1-sashal@kernel.org> References: <20230709151255.512931-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.4.2 Content-Transfer-Encoding: 8bit From: Hao Chen [ Upstream commit 1cf3d5567f273a8746d1bade00633a93204f80f0 ] Now, strncpy() in hns3_dbg_fill_content() use src-length as copy-length, it may result in dest-buf overflow. This patch is to fix intel compile warning for csky-linux-gcc (GCC) 12.1.0 compiler. The warning reports as below: hclge_debugfs.c:92:25: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-truncation] strncpy(pos, items[i].name, strlen(items[i].name)); hclge_debugfs.c:90:25: warning: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] strncpy(pos, result[i], strlen(result[i])); strncpy() use src-length as copy-length, it may result in dest-buf overflow. So,this patch add some values check to avoid this issue. Signed-off-by: Hao Chen Reported-by: kernel test robot Closes: https://lore.kernel.org/lkml/202207170606.7WtHs9yS-lkp@intel.com/T/ Signed-off-by: Hao Lan Signed-off-by: Paolo Abeni Signed-off-by: Sasha Levin --- .../ethernet/hisilicon/hns3/hns3_debugfs.c | 31 ++++++++++++++----- .../hisilicon/hns3/hns3pf/hclge_debugfs.c | 29 ++++++++++++++--- 2 files changed, 48 insertions(+), 12 deletions(-) diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c b/drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c index d385ffc218766..32bb14303473b 100644 --- a/drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c +++ b/drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c @@ -438,19 +438,36 @@ static void hns3_dbg_fill_content(char *content, u16 len, const struct hns3_dbg_item *items, const char **result, u16 size) { +#define HNS3_DBG_LINE_END_LEN 2 char *pos = content; + u16 item_len; u16 i; + if (!len) { + return; + } else if (len <= HNS3_DBG_LINE_END_LEN) { + *pos++ = '\0'; + return; + } + memset(content, ' ', len); - for (i = 0; i < size; i++) { - if (result) - strncpy(pos, result[i], strlen(result[i])); - else - strncpy(pos, items[i].name, strlen(items[i].name)); + len -= HNS3_DBG_LINE_END_LEN; - pos += strlen(items[i].name) + items[i].interval; + for (i = 0; i < size; i++) { + item_len = strlen(items[i].name) + items[i].interval; + if (len < item_len) + break; + + if (result) { + if (item_len < strlen(result[i])) + break; + strscpy(pos, result[i], strlen(result[i])); + } else { + strscpy(pos, items[i].name, strlen(items[i].name)); + } + pos += item_len; + len -= item_len; } - *pos++ = '\n'; *pos++ = '\0'; } diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c index a0b46e7d863eb..233c132dc513e 100644 --- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c +++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c @@ -88,16 +88,35 @@ static void hclge_dbg_fill_content(char *content, u16 len, const struct hclge_dbg_item *items, const char **result, u16 size) { +#define HCLGE_DBG_LINE_END_LEN 2 char *pos = content; + u16 item_len; u16 i; + if (!len) { + return; + } else if (len <= HCLGE_DBG_LINE_END_LEN) { + *pos++ = '\0'; + return; + } + memset(content, ' ', len); + len -= HCLGE_DBG_LINE_END_LEN; + for (i = 0; i < size; i++) { - if (result) - strncpy(pos, result[i], strlen(result[i])); - else - strncpy(pos, items[i].name, strlen(items[i].name)); - pos += strlen(items[i].name) + items[i].interval; + item_len = strlen(items[i].name) + items[i].interval; + if (len < item_len) + break; + + if (result) { + if (item_len < strlen(result[i])) + break; + strscpy(pos, result[i], strlen(result[i])); + } else { + strscpy(pos, items[i].name, strlen(items[i].name)); + } + pos += item_len; + len -= item_len; } *pos++ = '\n'; *pos++ = '\0'; -- 2.39.2