[PATCH 1/3] staging: fbtft: use strncpy instead of strcpy

From: Sudip Mukherjee
Date: Sat Sep 05 2015 - 09:44:06 EST

Next message: Sudip Mukherjee: "[PATCH 2/3] staging: fbtft: do not use magic numbers"
Previous message: Nuno GonÃalves: "Re: Regression: can't apply frequency offsets above 1000ppm."
Next in thread: Sudip Mukherjee: "[PATCH 2/3] staging: fbtft: do not use magic numbers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Using strcpy() is a security risk as the destination buffer size is not
checked and we may over-run the buffer. Use strncpy() instead, while
mentioning the buffer size leaving place for the NULL termination.

Signed-off-by: Sudip Mukherjee <sudip@xxxxxxxxxxxxxxx>
---
drivers/staging/fbtft/fbtft_device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/fbtft/fbtft_device.c b/drivers/staging/fbtft/fbtft_device.c
index 0483d33..3856c88 100644
--- a/drivers/staging/fbtft/fbtft_device.c
+++ b/drivers/staging/fbtft/fbtft_device.c
@@ -1342,7 +1342,8 @@ static int __init fbtft_device_init(void)
p_name, p_num);
return -EINVAL;
}
- strcpy(fbtft_device_param_gpios[i].name, p_name);
+ strncpy(fbtft_device_param_gpios[i].name, p_name,
+ FBTFT_GPIO_NAME_SIZE - 1);
fbtft_device_param_gpios[i++].gpio = (int) val;
if (i == MAX_GPIOS) {
pr_err(DRVNAME
--
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sudip Mukherjee: "[PATCH 2/3] staging: fbtft: do not use magic numbers"
Previous message: Nuno GonÃalves: "Re: Regression: can't apply frequency offsets above 1000ppm."
Next in thread: Sudip Mukherjee: "[PATCH 2/3] staging: fbtft: do not use magic numbers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]