net: cxgb4: avoid memcpy beyond end of source buffer

Building with link-time-optimizations revealed that the cxgb4 driver does
a fixed-size memcpy() from a variable-length constant string into the
network interface name:

In function 'memcpy',
    inlined from 'cfg_queues_uld.constprop' at drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:335:2,
    inlined from 'cxgb4_register_uld.constprop' at drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:719:9:
include/linux/string.h:350:3: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
   __read_overflow2();
   ^

I can see two equally workable solutions: either we use a strncpy() instead
of the memcpy() to stop at the end of the input, or we make the source buffer
fixed length as well. This implements the latter.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

This commit is contained in:

Arnd Bergmann

2018-02-02 16:18:37 +01:00

committed by

David S. Miller

parent 058a6c0334

commit 1a91649fd3

1 changed files with 1 additions and 1 deletions

									
										2

drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h

										View File
									
				@ -355,7 +355,7 @@ struct cxgb4_lld_info {

				};

				struct cxgb4_uld_info {

					const char *name;

					char name[IFNAMSIZ];

					void *handle;

					unsigned int nrxq;

					unsigned int rxq_size;

net: cxgb4: avoid memcpy beyond end of source buffer

2 drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h Unescape Escape View File

2

drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h

View File