[PATCH 3.13 031/105] mei: bus: fix possible boundaries violation

Kamal Mostafa kamal at canonical.com
Mon Oct 27 18:56:06 UTC 2014 -stable review patch.  If anyone has any objections, please let me know.


From: Alexander Usyskin <alexander.usyskin at intel.com>

commit cfda2794b5afe7ce64ee9605c64bef0e56a48125 upstream.

function 'strncpy' will fill whole buffer 'id.name' of fixed size (32)
with string value and will not leave place for NULL-terminator.
Possible buffer boundaries violation in following string operations.
Replace strncpy with strlcpy.

Signed-off-by: Alexander Usyskin <alexander.usyskin at intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler at intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
 drivers/misc/mei/bus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c
index 4bc7d62..9a07bba 100644
--- a/drivers/misc/mei/bus.c
+++ b/drivers/misc/mei/bus.c
@@ -71,7 +71,7 @@ static int mei_cl_device_probe(struct device *dev)
 	dev_dbg(dev, "Device probe\n");
-	strncpy(id.name, dev_name(dev), sizeof(id.name));
+	strlcpy(id.name, dev_name(dev), sizeof(id.name));
 	return driver->probe(device, &id);

More information about the kernel-team mailing list