[PATCH v2] wifi: ath10k: replace deprecated strncpy with memcpy
Jeff Johnson
quic_jjohnson at quicinc.com
Tue Oct 24 16:19:29 PDT 2023
On 10/24/2023 2:34 PM, Kees Cook wrote:
> On Tue, Oct 24, 2023 at 05:42:16PM +0000, Justin Stitt wrote:
>> strncpy() is deprecated [1] and we should prefer less ambiguous
>> interfaces.
>>
>> In this case, arvif->u.ap.ssid has its length maintained by
>> arvif->u.ap.ssid_len which indicates it may not need to be
>> NUL-terminated. Make this explicit with __nonstring and use a plain old
>> memcpy.
>>
>> This is also consistent with future copies into arvif->u.ap.ssid:
>>
>> if (changed & BSS_CHANGED_SSID &&
>> vif->type == NL80211_IFTYPE_AP) {
>> arvif->u.ap.ssid_len = vif->cfg.ssid_len;
>> if (vif->cfg.ssid_len)
>> memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
>> vif->cfg.ssid_len);
>> arvif->u.ap.hidden_ssid = info->hidden_ssid;
>> }
>>
>> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
>> Link: https://github.com/KSPP/linux/issues/90
>> Cc: linux-hardening at vger.kernel.org
>> Signed-off-by: Justin Stitt <justinstitt at google.com>
>> ---
>> Changes in v2:
>> - update subject to include wifi
>> - prefer memcpy() over strtomem() (thanks Kalle, Jeff)
>> - rebase onto 6.6-rc7 @d88520ad73b79e71
>> - Link to v1: https://lore.kernel.org/r/20231013-strncpy-drivers-net-wireless-ath-ath10k-mac-c-v1-1-24e40201afa3@google.com
>> ---
>> Note: build-tested only.
>>
>> Found with: $ rg "strncpy\("
>> ---
>> drivers/net/wireless/ath/ath10k/core.h | 2 +-
>> drivers/net/wireless/ath/ath10k/mac.c | 3 +--
>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/net/wireless/ath/ath10k/core.h b/drivers/net/wireless/ath/ath10k/core.h
>> index 4b5239de4018..ba9795a8378a 100644
>> --- a/drivers/net/wireless/ath/ath10k/core.h
>> +++ b/drivers/net/wireless/ath/ath10k/core.h
>> @@ -607,7 +607,7 @@ struct ath10k_vif {
>> u8 tim_bitmap[64];
>> u8 tim_len;
>> u32 ssid_len;
>> - u8 ssid[IEEE80211_MAX_SSID_LEN];
>> + u8 ssid[IEEE80211_MAX_SSID_LEN] __nonstring;
>> bool hidden_ssid;
>> /* P2P_IE with NoA attribute for P2P_GO case */
>> u32 noa_len;
>> diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
>> index 03e7bc5b6c0b..f3f6deb354c6 100644
>> --- a/drivers/net/wireless/ath/ath10k/mac.c
>> +++ b/drivers/net/wireless/ath/ath10k/mac.c
>> @@ -6125,9 +6125,8 @@ static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
>>
>> if (ieee80211_vif_is_mesh(vif)) {
>> /* mesh doesn't use SSID but firmware needs it */
>> - strncpy(arvif->u.ap.ssid, "mesh",
>> - sizeof(arvif->u.ap.ssid));
>> arvif->u.ap.ssid_len = 4;
>> + memcpy(arvif->u.ap.ssid, "mesh", arvif->u.ap.ssid_len);
>
> This is a behavior change, isn't it? i.e. arvif->u.ap.ssid is no longer
> zero-padded. Is this actually ok for the driver?
yes, it is safe, and consistent with other uses of this field as noted
in the commit description.
More information about the ath10k
mailing list