strncpy() simply bails out when copying a source string whose size exceeds the destination string size, potentially leaving the destination string unterminated.
One possible way to address is to pass DSA_PORT_NAME_LENGTH - 1 and a previously zero-initialized destination string, but this is more difficult to maintain.
The chosen alternative is to use strlcpy(), which properly limits the copy len in the (srclen >= size) case to "size - 1", and which is also more efficient than the strncpy() byte-by-byte implementation by using memcpy. The destination string returned by strlcpy() is always NULL terminated.
Signed-off-by: Vladimir Oltean vladimir.oltean@nxp.com --- net/dsa-uclass.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/dsa-uclass.c b/net/dsa-uclass.c index 9b8ae1e82b92..8db0de686e2a 100644 --- a/net/dsa-uclass.c +++ b/net/dsa-uclass.c @@ -221,7 +221,7 @@ static int dsa_port_of_to_pdata(struct udevice *pdev)
label = ofnode_read_string(dev_ofnode(pdev), "label"); if (label) - strncpy(port_pdata->name, label, DSA_PORT_NAME_LENGTH); + strlcpy(port_pdata->name, label, DSA_PORT_NAME_LENGTH);
eth_pdata = dev_get_plat(pdev); eth_pdata->priv_pdata = port_pdata; @@ -433,7 +433,7 @@ static int dsa_post_bind(struct udevice *dev) struct dsa_port_pdata *port_pdata;
port_pdata = dev_get_parent_plat(pdev); - strncpy(port_pdata->name, name, DSA_PORT_NAME_LENGTH); + strlcpy(port_pdata->name, name, DSA_PORT_NAME_LENGTH); pdev->name = port_pdata->name; }