From patchwork Fri Sep 7 16:52:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sudeep Holla X-Patchwork-Id: 146215 Delivered-To: patch@linaro.org Received: by 2002:a2e:1648:0:0:0:0:0 with SMTP id 8-v6csp1410894ljw; Fri, 7 Sep 2018 09:52:29 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaXU8VEYger3qhVBh9rAWQV3ghMZ48uA8FHvY+88Q6Xa3D7IhDVkHsPFkloYH7yF7Zxi9rG X-Received: by 2002:a63:4d47:: with SMTP id n7-v6mr9243232pgl.270.1536339149176; Fri, 07 Sep 2018 09:52:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536339149; cv=none; d=google.com; s=arc-20160816; b=O8SJY6NENd9ZFkL5E6iBA2LtstLETxyXzXHYcyWKO8617qzcLMxb3BlAjI4438qrfW LsAAEhVz8Dp1WIAAY5E1DrOhxv22h0/x55h/eHX+3xFwTzD9lMemsQFl7xBcMk3iDjXT l/f+DSMulPhdY397NonJr6q9Ex5bdf/6zMS3bGltLXFBn675VfhcoGoVCo0NEC+QaHQ0 T+ODAFGxsxz1zn8z5dv21V377D4gpgoplYoYebQdxh7Fh34A2CHKqHXC6zU/IRp7n3Uu 5BvQoM3VliMsMhI927wsUrJ6i5WhRnZx0EkAgdiAXmN3leRqL+nzSzqz40NF3IpRR4Uw 7LiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=dRu8QKYe4/m9w68kECUCZpBYO4gElxMr7hRVi8viRMY=; b=pulKduCGey/+iy2R4MTriOUn0NozFrBewb6p2VyC7HvBW1ShSBxIvMxo6ZQNylZL7t CTp9mEEzebtcpBDX0TGO3SFH1Rwo8GxM8BqLnPyHjhGJlxyRrmujS+6Cu1Vsy9lEXehk EP6K000ZpietRJx1y3t+FnOrfY4d/50W4ad5W0Ruv4EDe3nBblBeQGCttuAFUTpzJ83K PRdV8wA3HNyTxOX7uEQquUBx/bRudL2ioNvjFLB7ce+vcJmFcFRILO05Uh3gdAyoWc6D +ooJhlyq0jS0/B68fU5YIDfPL4KheW+48RJrbE7S/MTIT5T9pLZch1wzzYJWdhp7bL4d fc7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1-v6si8781600plr.326.2018.09.07.09.52.26; Fri, 07 Sep 2018 09:52:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727618AbeIGVeK (ORCPT + 32 others); Fri, 7 Sep 2018 17:34:10 -0400 Received: from foss.arm.com ([217.140.101.70]:34678 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726284AbeIGVeJ (ORCPT ); Fri, 7 Sep 2018 17:34:09 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E1C1918A; Fri, 7 Sep 2018 09:52:22 -0700 (PDT) Received: from usa.arm.com (e107155-lin.emea.arm.com [10.4.12.116]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B00713F5BC; Fri, 7 Sep 2018 09:52:21 -0700 (PDT) From: Sudeep Holla To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Olof Johansson Cc: Sudeep Holla , Kevin Hilman , Arnd Bergmann Subject: [PATCH] firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings Date: Fri, 7 Sep 2018 17:52:15 +0100 Message-Id: <1536339135-5431-1-git-send-email-sudeep.holla@arm.com> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Replace all the memcpy() for copying name strings from the firmware with strlcpy() to make sure we are bounded by the source buffer size and we also always have NULL-terminated strings. This is needed to avoid out of bounds accesses if the firmware returns a non-terminated string. Reported-by: Olof Johansson Signed-off-by: Sudeep Holla --- drivers/firmware/arm_scmi/base.c | 2 +- drivers/firmware/arm_scmi/clock.c | 2 +- drivers/firmware/arm_scmi/perf.c | 2 +- drivers/firmware/arm_scmi/power.c | 2 +- drivers/firmware/arm_scmi/sensors.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) Hi Olof, Let me know if this is rc/fix material or need to wait for v4.20 ? Regards, Sudeep -- 2.7.4 Acked-by: Olof Johansson diff --git a/drivers/firmware/arm_scmi/base.c b/drivers/firmware/arm_scmi/base.c index 9dff33ea6416..204390297f4b 100644 --- a/drivers/firmware/arm_scmi/base.c +++ b/drivers/firmware/arm_scmi/base.c @@ -208,7 +208,7 @@ static int scmi_base_discover_agent_get(const struct scmi_handle *handle, ret = scmi_do_xfer(handle, t); if (!ret) - memcpy(name, t->rx.buf, SCMI_MAX_STR_SIZE); + strlcpy(name, t->rx.buf, SCMI_MAX_STR_SIZE); scmi_xfer_put(handle, t); diff --git a/drivers/firmware/arm_scmi/clock.c b/drivers/firmware/arm_scmi/clock.c index e4119eb34986..30fc04e28431 100644 --- a/drivers/firmware/arm_scmi/clock.c +++ b/drivers/firmware/arm_scmi/clock.c @@ -111,7 +111,7 @@ static int scmi_clock_attributes_get(const struct scmi_handle *handle, ret = scmi_do_xfer(handle, t); if (!ret) - memcpy(clk->name, attr->name, SCMI_MAX_STR_SIZE); + strlcpy(clk->name, attr->name, SCMI_MAX_STR_SIZE); else clk->name[0] = '\0'; diff --git a/drivers/firmware/arm_scmi/perf.c b/drivers/firmware/arm_scmi/perf.c index 721e6c57beae..c3b0041defee 100644 --- a/drivers/firmware/arm_scmi/perf.c +++ b/drivers/firmware/arm_scmi/perf.c @@ -168,7 +168,7 @@ scmi_perf_domain_attributes_get(const struct scmi_handle *handle, u32 domain, le32_to_cpu(attr->sustained_perf_level); dom_info->mult_factor = (dom_info->sustained_freq_khz * 1000) / dom_info->sustained_perf_level; - memcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE); + strlcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE); } scmi_xfer_put(handle, t); diff --git a/drivers/firmware/arm_scmi/power.c b/drivers/firmware/arm_scmi/power.c index cfa033b05aed..62f3401a1f01 100644 --- a/drivers/firmware/arm_scmi/power.c +++ b/drivers/firmware/arm_scmi/power.c @@ -106,7 +106,7 @@ scmi_power_domain_attributes_get(const struct scmi_handle *handle, u32 domain, dom_info->state_set_notify = SUPPORTS_STATE_SET_NOTIFY(flags); dom_info->state_set_async = SUPPORTS_STATE_SET_ASYNC(flags); dom_info->state_set_sync = SUPPORTS_STATE_SET_SYNC(flags); - memcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE); + strlcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE); } scmi_xfer_put(handle, t); diff --git a/drivers/firmware/arm_scmi/sensors.c b/drivers/firmware/arm_scmi/sensors.c index 27f2092b9882..b53d5cc9c9f6 100644 --- a/drivers/firmware/arm_scmi/sensors.c +++ b/drivers/firmware/arm_scmi/sensors.c @@ -140,7 +140,7 @@ static int scmi_sensor_description_get(const struct scmi_handle *handle, s = &si->sensors[desc_index + cnt]; s->id = le32_to_cpu(buf->desc[cnt].id); s->type = SENSOR_TYPE(attrh); - memcpy(s->name, buf->desc[cnt].name, SCMI_MAX_STR_SIZE); + strlcpy(s->name, buf->desc[cnt].name, SCMI_MAX_STR_SIZE); } desc_index += num_returned;