[PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[Rickard Strandqvist]

Replacing strncpy with strlcpy to avoid strings that lacks null terminate.

Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
---
 drivers/net/ethernet/marvell/sky2.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
index dba48a5c..7053d38 100644
--- a/drivers/net/ethernet/marvell/sky2.c
+++ b/drivers/net/ethernet/marvell/sky2.c
@@ -4907,7 +4907,7 @@ static const char *sky2_name(u8 chipid, char *buf, int sz)
 	};
 
 	if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
-		strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
+		strlcpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
 	else
 		snprintf(buf, sz, "(chip %#x)", chipid);
 	return buf;
-- 
1.7.10.4

Re: [PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[Stephen Hemminger]

On Sun, 14 Sep 2014 19:33:43 +0200
Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> wrote:

> Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
> 
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
> ---
>  drivers/net/ethernet/marvell/sky2.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
> index dba48a5c..7053d38 100644
> --- a/drivers/net/ethernet/marvell/sky2.c
> +++ b/drivers/net/ethernet/marvell/sky2.c
> @@ -4907,7 +4907,7 @@ static const char *sky2_name(u8 chipid, char *buf, int sz)
>  	};
>  
>  	if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
> -		strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
> +		strlcpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>  	else
>  		snprintf(buf, sz, "(chip %#x)", chipid);
>  	return buf;

Useless and unnecessary since the list of names is right there.
Why not avoid the copy all together?

Subject: sky2: avoid strncpy

Don't use strncpy() since security thought police think it is bad.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>


--- a/drivers/net/ethernet/marvell/sky2.c	2014-08-25 09:01:16.292060455 -0700
+++ b/drivers/net/ethernet/marvell/sky2.c	2014-09-14 19:02:26.731034094 -0700
@@ -4889,7 +4889,7 @@ static int sky2_test_msi(struct sky2_hw
 }
 
 /* This driver supports yukon2 chipset only */
-static const char *sky2_name(u8 chipid, char *buf, int sz)
+static const char *sky2_name(u8 chipid)
 {
 	const char *name[] = {
 		"XL",		/* 0xb3 */
@@ -4905,11 +4905,12 @@ static const char *sky2_name(u8 chipid,
 		"OptimaEEE",    /* 0xbd */
 		"Optima 2",	/* 0xbe */
 	};
+	static char buf[16];
 
 	if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
-		strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
-	else
-		snprintf(buf, sz, "(chip %#x)", chipid);
+		return name[chipid - CHIP_ID_YUKON_XL];
+
+	snprintf(buf, sizeof(buf), "(chip %#x)", chipid);
 	return buf;
 }
 
@@ -4919,7 +4920,6 @@ static int sky2_probe(struct pci_dev *pd
 	struct sky2_hw *hw;
 	int err, using_dac = 0, wol_default;
 	u32 reg;
-	char buf1[16];
 
 	err = pci_enable_device(pdev);
 	if (err) {
@@ -5014,7 +5014,7 @@ static int sky2_probe(struct pci_dev *pd
 	}
 
 	dev_info(&pdev->dev, "Yukon-2 %s chip revision %d\n",
-		 sky2_name(hw->chip_id, buf1, sizeof(buf1)), hw->chip_rev);
+		 sky2_name(hw->chip_id), hw->chip_rev);
 
 	sky2_reset(hw);
 

Re: [PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[Stephen Hemminger]

On Sun, 14 Sep 2014 19:33:43 +0200
Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> wrote:

> Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
> 
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
> ---
>  drivers/net/ethernet/marvell/sky2.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
> index dba48a5c..7053d38 100644
> --- a/drivers/net/ethernet/marvell/sky2.c
> +++ b/drivers/net/ethernet/marvell/sky2.c
> @@ -4907,7 +4907,7 @@ static const char *sky2_name(u8 chipid, char *buf, int sz)
>  	};
>  
>  	if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
> -		strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
> +		strlcpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>  	else
>  		snprintf(buf, sz, "(chip %#x)", chipid);
>  	return buf;

Useless and unnecessary since the list of names is right there.
Why not avoid the copy?

Re: [PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[David Miller]

From: Stephen Hemminger <stephen@networkplumber.org>
Date: Sun, 14 Sep 2014 19:05:57 -0700

> On Sun, 14 Sep 2014 19:33:43 +0200
> Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> wrote:
> 
>> Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
>> 
>> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
>> ---
>>  drivers/net/ethernet/marvell/sky2.c |    2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
>> index dba48a5c..7053d38 100644
>> --- a/drivers/net/ethernet/marvell/sky2.c
>> +++ b/drivers/net/ethernet/marvell/sky2.c
>> @@ -4907,7 +4907,7 @@ static const char *sky2_name(u8 chipid, char *buf, int sz)
>>  	};
>>  
>>  	if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
>> -		strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>> +		strlcpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>>  	else
>>  		snprintf(buf, sz, "(chip %#x)", chipid);
>>  	return buf;
> 
> Useless and unnecessary since the list of names is right there.
> Why not avoid the copy all together?
> 
> Subject: sky2: avoid strncpy
> 
> Don't use strncpy() since security thought police think it is bad.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

I think providing the buffer on the stack of the thread executing the
probe is superior because it will allow enabling parallel probing
in the future.

I don't think you have to change that aspect to achieve your goal
of returning the const char * string when possible.

Re: [PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[Stephen Hemminger]

On Mon, 15 Sep 2014 13:07:21 -0400 (EDT)
David Miller <davem@davemloft.net> wrote:

> From: Stephen Hemminger <stephen@networkplumber.org>
> Date: Sun, 14 Sep 2014 19:05:57 -0700
> 
> > On Sun, 14 Sep 2014 19:33:43 +0200
> > Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> wrote:
> > 
> >> Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
> >> 
> >> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
> >> ---
> >>  drivers/net/ethernet/marvell/sky2.c |    2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >> 
> >> diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
> >> index dba48a5c..7053d38 100644
> >> --- a/drivers/net/ethernet/marvell/sky2.c
> >> +++ b/drivers/net/ethernet/marvell/sky2.c
> >> @@ -4907,7 +4907,7 @@ static const char *sky2_name(u8 chipid, char *buf, int sz)
> >>  	};
> >>  
> >>  	if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
> >> -		strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
> >> +		strlcpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
> >>  	else
> >>  		snprintf(buf, sz, "(chip %#x)", chipid);
> >>  	return buf;
> > 
> > Useless and unnecessary since the list of names is right there.
> > Why not avoid the copy all together?
> > 
> > Subject: sky2: avoid strncpy
> > 
> > Don't use strncpy() since security thought police think it is bad.
> > 
> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> 
> I think providing the buffer on the stack of the thread executing the
> probe is superior because it will allow enabling parallel probing
> in the future.
> 
> I don't think you have to change that aspect to achieve your goal
> of returning the const char * string when possible.

What is benefit of s/strncpy/strlcpy/ for known safe code?
Seems like more of the checkpatch police state.

Re: [PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[David Miller]

From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 15 Sep 2014 13:53:39 -0700

> On Mon, 15 Sep 2014 13:07:21 -0400 (EDT)
> David Miller <davem@davemloft.net> wrote:
> 
>> From: Stephen Hemminger <stephen@networkplumber.org>
>> Date: Sun, 14 Sep 2014 19:05:57 -0700
>> 
>> > On Sun, 14 Sep 2014 19:33:43 +0200
>> > Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> wrote:
>> > 
>> >> Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
>> >> 
>> >> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
>> >> ---
>> >>  drivers/net/ethernet/marvell/sky2.c |    2 +-
>> >>  1 file changed, 1 insertion(+), 1 deletion(-)
>> >> 
>> >> diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
>> >> index dba48a5c..7053d38 100644
>> >> --- a/drivers/net/ethernet/marvell/sky2.c
>> >> +++ b/drivers/net/ethernet/marvell/sky2.c
>> >> @@ -4907,7 +4907,7 @@ static const char *sky2_name(u8 chipid, char *buf, int sz)
>> >>  	};
>> >>  
>> >>  	if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
>> >> -		strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>> >> +		strlcpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>> >>  	else
>> >>  		snprintf(buf, sz, "(chip %#x)", chipid);
>> >>  	return buf;
>> > 
>> > Useless and unnecessary since the list of names is right there.
>> > Why not avoid the copy all together?
>> > 
>> > Subject: sky2: avoid strncpy
>> > 
>> > Don't use strncpy() since security thought police think it is bad.
>> > 
>> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>> 
>> I think providing the buffer on the stack of the thread executing the
>> probe is superior because it will allow enabling parallel probing
>> in the future.
>> 
>> I don't think you have to change that aspect to achieve your goal
>> of returning the const char * string when possible.
> 
> What is benefit of s/strncpy/strlcpy/ for known safe code?
> Seems like more of the checkpatch police state.
> 

Stephen, read my reply again.

I didn't say to go back to the strlcpy change.

I said to use your patch, but keep the buf[] parameter allocated on
the caller's stack.

Thanks.

Re: [PATCH] net: ethernet: marvell: sky2.c: Cleaning up missing null-terminate in conjunction with strncpy

[Rickard Strandqvist]

2014-09-15 22:56 GMT+02:00 David Miller <davem@davemloft.net>:
> From: Stephen Hemminger <stephen@networkplumber.org>
> Date: Mon, 15 Sep 2014 13:53:39 -0700
>
>> On Mon, 15 Sep 2014 13:07:21 -0400 (EDT)
>> David Miller <davem@davemloft.net> wrote:
>>
>>> From: Stephen Hemminger <stephen@networkplumber.org>
>>> Date: Sun, 14 Sep 2014 19:05:57 -0700
>>>
>>> > On Sun, 14 Sep 2014 19:33:43 +0200
>>> > Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> wrote:
>>> >
>>> >> Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
>>> >>
>>> >> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
>>> >> ---
>>> >>  drivers/net/ethernet/marvell/sky2.c |    2 +-
>>> >>  1 file changed, 1 insertion(+), 1 deletion(-)
>>> >>
>>> >> diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
>>> >> index dba48a5c..7053d38 100644
>>> >> --- a/drivers/net/ethernet/marvell/sky2.c
>>> >> +++ b/drivers/net/ethernet/marvell/sky2.c
>>> >> @@ -4907,7 +4907,7 @@ static const char *sky2_name(u8 chipid, char *buf, int sz)
>>> >>   };
>>> >>
>>> >>   if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
>>> >> -         strncpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>>> >> +         strlcpy(buf, name[chipid - CHIP_ID_YUKON_XL], sz);
>>> >>   else
>>> >>           snprintf(buf, sz, "(chip %#x)", chipid);
>>> >>   return buf;
>>> >
>>> > Useless and unnecessary since the list of names is right there.
>>> > Why not avoid the copy all together?
>>> >
>>> > Subject: sky2: avoid strncpy
>>> >
>>> > Don't use strncpy() since security thought police think it is bad.
>>> >
>>> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>>>
>>> I think providing the buffer on the stack of the thread executing the
>>> probe is superior because it will allow enabling parallel probing
>>> in the future.
>>>
>>> I don't think you have to change that aspect to achieve your goal
>>> of returning the const char * string when possible.
>>
>> What is benefit of s/strncpy/strlcpy/ for known safe code?
>> Seems like more of the checkpatch police state.
>>
>
> Stephen, read my reply again.
>
> I didn't say to go back to the strlcpy change.
>
> I said to use your patch, but keep the buf[] parameter allocated on
> the caller's stack.
>
> Thanks.


Hi

Has not happened anything here ...

Stephen, how can this be "." Then you might as well use strcpy,
because the use here does not guarantee that the string will be null
terminated, anyway.


And David, as I understand you want to use code like this:

static const char *sky2_name(u8 chipid, char *buf, int sz)
{
....

    if (chipid >= CHIP_ID_YUKON_XL && chipid <= CHIP_ID_YUKON_OP_2)
        return name[chipid - CHIP_ID_YUKON_XL];

    snprintf(buf, sz, "(chip %#x)", chipid);

    return buf;
}

Or?


And we can all easily see how the code is used here.

So Stephen statement as true, sz = 16.
And David, since we only use the return value.

But is it really such we should assume always is true?

What if someone uses it like this:

char tmp[8];
...
sky2_name(id, tmp, sizeof(tmp));
printf("The chip: %s\n", tmp);



Kind regards
Rickard Strandqvist