From 3d46eee5a5f2f22ca04e2139e8c9a16b81d16073 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Mon, 13 Aug 2018 23:26:54 +0200 Subject: [PATCH] bnxt_en: avoid string overflow for record->system_name The utsname()->nodename string may be 64 bytes long, and it gets copied without the trailing nul byte into the shorter record->system_name, as gcc now warns: In file included from include/linux/bitmap.h:9, from include/linux/ethtool.h:16, from drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:13: In function 'strncpy', inlined from 'bnxt_fill_coredump_record' at drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2863:2: include/linux/string.h:254:9: error: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] Using strlcpy() at least avoids overflowing the destination buffer and adds proper nul-termination. It may still truncate long names though, which probably can't be solved here. Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.") Signed-off-by: Arnd Bergmann Acked-by: Michael Chan Signed-off-by: David S. Miller --- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c index 9c929cd90b86..539be1d1b67f 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c @@ -2860,8 +2860,8 @@ bnxt_fill_coredump_record(struct bnxt *bp, struct bnxt_coredump_record *record, record->low_version = 0; record->high_version = 1; record->asic_state = 0; - strncpy(record->system_name, utsname()->nodename, - strlen(utsname()->nodename)); + strlcpy(record->system_name, utsname()->nodename, + sizeof(record->system_name)); record->year = cpu_to_le16(tm.tm_year); record->month = cpu_to_le16(tm.tm_mon); record->day = cpu_to_le16(tm.tm_mday);