Commit 8eeb99bc authored by Francis Laniel's avatar Francis Laniel Committed by Jakub Kicinski
Browse files

Fix unefficient call to memset before memcpu in nla_strlcpy. 



Before this commit, nla_strlcpy first memseted dst to 0 then wrote src into it.
This is inefficient because bytes whom number is less than src length are written
twice.

This patch solves this issue by first writing src into dst then fill dst with
0's.
Note that, in the case where src length is higher than dst, only 0 is written.
Otherwise there are as many 0's written to fill dst.

For example, if src is "foo\0" and dst is 5 bytes long, the result will be:
1. "fooGG" after memcpy (G means garbage).
2. "foo\0\0" after memset.

Signed-off-by: default avatarFrancis Laniel <laniel_francis@privacyrequired.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 41294e6a

lib/nlattr.c

+2 −1
Original line number Diff line number Diff line
@@ -731,8 +731,9 @@ size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize) 
	if (dstsize > 0) {

		size_t len = (srclen >= dstsize) ? dstsize - 1 : srclen;



		memset(dst, 0, dstsize);

		memcpy(dst, src, len);

		/* Zero pad end of dst. */

		memset(dst + len, 0, dstsize - len);

	}



	return srclen;

CRA Git | Maintained and supported by SUSTech CRA and CCSE