diff options
| author | David Herrmann <dh.herrmann@gmail.com> | 2018-11-14 14:16:42 +0100 |
|---|---|---|
| committer | Jiri Kosina <jkosina@suse.cz> | 2018-11-19 14:32:27 +0100 |
| commit | 4d26d1d1e8065bb3326a7c06d5d4698e581443a9 (patch) | |
| tree | f1a9ff9487e6984b11310d08d43f37c207ee7b66 /mm/kasan | |
| parent | 8c01db7619f07c85c5cd81ec5eb83608b56c88f5 (diff) | |
| download | linux-4d26d1d1e8065bb3326a7c06d5d4698e581443a9.tar.bz2 | |
Revert "HID: uhid: use strlcpy() instead of strncpy()"
This reverts commit 336fd4f5f25157e9e8bd50e898a1bbcd99eaea46.
Please note that `strlcpy()` does *NOT* do what you think it does.
strlcpy() *ALWAYS* reads the full input string, regardless of the
'length' parameter. That is, if the input is not zero-terminated,
strlcpy() will *READ* beyond input boundaries. It does this, because it
always returns the size it *would* copy if the target was big enough,
not the truncated size it actually copied.
The original code was perfectly fine. The hid device is
zero-initialized and the strncpy() functions copied up to n-1
characters. The result is always zero-terminated this way.
This is the third time someone tried to replace strncpy with strlcpy in
this function, and gets it wrong. I now added a comment that should at
least make people reconsider.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'mm/kasan')
0 files changed, 0 insertions, 0 deletions