From 166db01007ea802ff9933ac73ec8f140ca0cf5d5 Mon Sep 17 00:00:00 2001 From: Justin Stitt Date: Tue, 19 Mar 2024 21:19:59 +0000 Subject: [PATCH] soc: qcom: cmd-db: replace deprecated strncpy with strtomem strncpy() is an ambiguous and potentially dangerous interface [1]. We should prefer more robust and less ambiguous alternatives. @query is marked as __nonstring and doesn't need to be NUL-terminated. Since we are doing a string to memory copy, we can use the aptly named "strtomem" -- specifically, the "pad" variant to also ensure NUL-padding throughout the destination buffer. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Reviewed-by: Kees Cook Signed-off-by: Justin Stitt Link: https://lore.kernel.org/r/20240319-strncpy-drivers-soc-qcom-cmd-db-c-v3-1-aeb5c5180c32@google.com Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/cmd-db.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c index b4e613c34a5c..d84572662017 100644 --- a/drivers/soc/qcom/cmd-db.c +++ b/drivers/soc/qcom/cmd-db.c @@ -153,12 +153,7 @@ static int cmd_db_get_header(const char *id, const struct entry_header **eh, if (ret) return ret; - /* - * Pad out query string to same length as in DB. NOTE: the output - * query string is not necessarily '\0' terminated if it bumps up - * against the max size. That's OK and expected. - */ - strncpy(query, id, sizeof(query)); + strtomem_pad(query, id, 0); for (i = 0; i < MAX_SLV_ID; i++) { rsc_hdr = &cmd_db_header->header[i];