Commit ca64b719 authored by Sudeep Holla's avatar Sudeep Holla
Browse files

firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings 



Replace all the memcpy() for copying name strings from the firmware with
strlcpy() to make sure we are bounded by the source buffer size and we
also always have NULL-terminated strings.

This is needed to avoid out of bounds accesses if the firmware returns
a non-terminated string.

Reported-by: default avatarOlof Johansson <olof@lixom.net>
Acked-by: default avatarOlof Johansson <olof@lixom.net>
Signed-off-by: default avatarSudeep Holla <sudeep.holla@arm.com>
parent 11da3a7f

drivers/firmware/arm_scmi/base.c

+1 −1
Original line number Diff line number Diff line
@@ -208,7 +208,7 @@ static int scmi_base_discover_agent_get(const struct scmi_handle *handle, 


	ret = scmi_do_xfer(handle, t);

	if (!ret)

		memcpy(name, t->rx.buf, SCMI_MAX_STR_SIZE);

		strlcpy(name, t->rx.buf, SCMI_MAX_STR_SIZE);



	scmi_xfer_put(handle, t);

drivers/firmware/arm_scmi/clock.c

+1 −1
Original line number Diff line number Diff line
@@ -111,7 +111,7 @@ static int scmi_clock_attributes_get(const struct scmi_handle *handle, 


	ret = scmi_do_xfer(handle, t);

	if (!ret)

		memcpy(clk->name, attr->name, SCMI_MAX_STR_SIZE);

		strlcpy(clk->name, attr->name, SCMI_MAX_STR_SIZE);

	else

		clk->name[0] = '\0';

drivers/firmware/arm_scmi/perf.c

+1 −1
Original line number Diff line number Diff line
@@ -174,7 +174,7 @@ scmi_perf_domain_attributes_get(const struct scmi_handle *handle, u32 domain, 
			dom_info->mult_factor =

					(dom_info->sustained_freq_khz * 1000) /

					dom_info->sustained_perf_level;

		memcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE);

		strlcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE);

	}



	scmi_xfer_put(handle, t);

drivers/firmware/arm_scmi/power.c

+1 −1
Original line number Diff line number Diff line
@@ -106,7 +106,7 @@ scmi_power_domain_attributes_get(const struct scmi_handle *handle, u32 domain, 
		dom_info->state_set_notify = SUPPORTS_STATE_SET_NOTIFY(flags);

		dom_info->state_set_async = SUPPORTS_STATE_SET_ASYNC(flags);

		dom_info->state_set_sync = SUPPORTS_STATE_SET_SYNC(flags);

		memcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE);

		strlcpy(dom_info->name, attr->name, SCMI_MAX_STR_SIZE);

	}



	scmi_xfer_put(handle, t);

drivers/firmware/arm_scmi/sensors.c

+1 −1
Original line number Diff line number Diff line
@@ -140,7 +140,7 @@ static int scmi_sensor_description_get(const struct scmi_handle *handle, 
			s = &si->sensors[desc_index + cnt];

			s->id = le32_to_cpu(buf->desc[cnt].id);

			s->type = SENSOR_TYPE(attrh);

			memcpy(s->name, buf->desc[cnt].name, SCMI_MAX_STR_SIZE);

			strlcpy(s->name, buf->desc[cnt].name, SCMI_MAX_STR_SIZE);

		}



		desc_index += num_returned;

CRA Git | Maintained and supported by SUSTech CRA and CCSE