Commit 1cf3d556 authored by Hao Chen's avatar Hao Chen Committed by Paolo Abeni

net: hns3: fix strncpy() not using dest-buf length as length issue



Now, strncpy() in hns3_dbg_fill_content() use src-length as copy-length,
it may result in dest-buf overflow.

This patch is to fix intel compile warning for csky-linux-gcc (GCC) 12.1.0
compiler.

The warning reports as below:

hclge_debugfs.c:92:25: warning: 'strncpy' specified bound depends on
the length of the source argument [-Wstringop-truncation]

strncpy(pos, items[i].name, strlen(items[i].name));

hclge_debugfs.c:90:25: warning: 'strncpy' output truncated before
terminating nul copying as many bytes from a string as its length
[-Wstringop-truncation]

strncpy(pos, result[i], strlen(result[i]));

strncpy() use src-length as copy-length, it may result in
dest-buf overflow.

So, this patch adds some value checks to avoid this issue.

Signed-off-by: default avatarHao Chen <chenhao418@huawei.com>
Reported-by: default avatarkernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/lkml/202207170606.7WtHs9yS-lkp@intel.com/T/


Signed-off-by: default avatarHao Lan <lanhao@huawei.com>
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent 9b476494
+24 −7
@@ -438,19 +438,36 @@ static void hns3_dbg_fill_content(char *content, u16 len,
				  const struct hns3_dbg_item *items,
				  const char **result, u16 size)
{
#define HNS3_DBG_LINE_END_LEN	2
	char *pos = content;
	u16 item_len;
	u16 i;

	if (!len) {
		return;
	} else if (len <= HNS3_DBG_LINE_END_LEN) {
		*pos++ = '\0';
		return;
	}

	memset(content, ' ', len);
	for (i = 0; i < size; i++) {
		if (result)
			strncpy(pos, result[i], strlen(result[i]));
		else
			strncpy(pos, items[i].name, strlen(items[i].name));
	len -= HNS3_DBG_LINE_END_LEN;

		pos += strlen(items[i].name) + items[i].interval;
	for (i = 0; i < size; i++) {
		item_len = strlen(items[i].name) + items[i].interval;
		if (len < item_len)
			break;

		if (result) {
			if (item_len < strlen(result[i]))
				break;
			strscpy(pos, result[i], strlen(result[i]));
		} else {
			strscpy(pos, items[i].name, strlen(items[i].name));
		}
		pos += item_len;
		len -= item_len;
	}

	*pos++ = '\n';
	*pos++ = '\0';
}
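Review bot: Both `strscpy()` calls in the loop pass `strlen(src)` as the size argument, which strscpy() treats as the destination size: it copies at most size - 1 bytes and always writes a terminating NUL. Each field therefore loses its last character, and a '\0' lands inside the space-padded line, so anything reading `content` as a C string stops after the first column. The new checks (`len < item_len` and `item_len < strlen(result[i])`) already bound the copy, and the fields are not meant to be NUL-terminated individually, so a plain bounded copy fits better: `memcpy(pos, result[i], strlen(result[i]));` and `memcpy(pos, items[i].name, strlen(items[i].name));`. The same pattern appears in hclge_dbg_fill_content() in the second file section.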
+24 −5
@@ -88,16 +88,35 @@ static void hclge_dbg_fill_content(char *content, u16 len,
				   const struct hclge_dbg_item *items,
				   const char **result, u16 size)
{
#define HCLGE_DBG_LINE_END_LEN	2
	char *pos = content;
	u16 item_len;
	u16 i;

	if (!len) {
		return;
	} else if (len <= HCLGE_DBG_LINE_END_LEN) {
		*pos++ = '\0';
		return;
	}

	memset(content, ' ', len);
	len -= HCLGE_DBG_LINE_END_LEN;

	for (i = 0; i < size; i++) {
		if (result)
			strncpy(pos, result[i], strlen(result[i]));
		else
			strncpy(pos, items[i].name, strlen(items[i].name));
		pos += strlen(items[i].name) + items[i].interval;
		item_len = strlen(items[i].name) + items[i].interval;
		if (len < item_len)
			break;

		if (result) {
			if (item_len < strlen(result[i]))
				break;
			strscpy(pos, result[i], strlen(result[i]));
		} else {
			strscpy(pos, items[i].name, strlen(items[i].name));
		}
		pos += item_len;
		len -= item_len;
	}
	*pos++ = '\n';
	*pos++ = '\0';