linux/arch/sparc/prom/bootstr_32.c
Azeem Shaikh bb07972fd6 sparc64: Replace all non-returning strlcpy with strscpy
strlcpy() reads the entire source buffer first.
This read may exceed the destination size limit.
This is both inefficient and can lead to linear read
overflows if a source string is not NUL-terminated [1].
In an effort to remove strlcpy() completely [2], replace
strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230530163001.985256-1-azeemshaikh38@gmail.com
2023-06-14 12:04:06 -07:00

64 lines
1.3 KiB
C

// SPDX-License-Identifier: GPL-2.0
/*
* bootstr.c: Boot string/argument acquisition from the PROM.
*
* Copyright(C) 1995 David S. Miller (davem@caip.rutgers.edu)
*/
#include <linux/string.h>
#include <asm/oplib.h>
#include <linux/init.h>
#define BARG_LEN 256
static char barg_buf[BARG_LEN] = { 0 };
static char fetched __initdata = 0;
char * __init
prom_getbootargs(void)
{
int iter;
char *cp, *arg;
/* This check saves us from a panic when bootfd patches args. */
if (fetched) {
return barg_buf;
}
switch (prom_vers) {
case PROM_V0:
cp = barg_buf;
/* Start from 1 and go over fd(0,0,0)kernel */
for (iter = 1; iter < 8; iter++) {
arg = (*(romvec->pv_v0bootargs))->argv[iter];
if (arg == NULL)
break;
while (*arg != 0) {
/* Leave place for space and null. */
if (cp >= barg_buf + BARG_LEN - 2)
/* We might issue a warning here. */
break;
*cp++ = *arg++;
}
*cp++ = ' ';
if (cp >= barg_buf + BARG_LEN - 1)
/* We might issue a warning here. */
break;
}
*cp = 0;
break;
case PROM_V2:
case PROM_V3:
/*
* V3 PROM cannot supply as with more than 128 bytes
* of an argument. But a smart bootstrap loader can.
*/
strscpy(barg_buf, *romvec->pv_v2bootargs.bootargs, sizeof(barg_buf));
break;
default:
break;
}
fetched = 1;
return barg_buf;
}