[net-next,1/3] net: dsa: microchip: copy string using strscpy

Message ID 20241011-string-thing-v1-1-acc506568033@kernel.org (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Series net: String format safety updates

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 5 this patch: 5
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 15 of 15 maintainers
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-10-12--12-00 (tests: 777)

Commit Message

Simon Horman Oct. 11, 2024, 9:57 a.m. UTC
Prior to this patch ksz_ptp_msg_irq_setup() uses snprintf() to copy
strings. It does so by passing strings as the format argument of
snprintf(). This appears to be safe, due to the absence of format
specifiers in the strings, which are declared within the same function.
But nonetheless GCC 14 warns about it:

.../ksz_ptp.c:1109:55: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
 1109 |         snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]);
      |                                                              ^~~~~~~
.../ksz_ptp.c:1109:55: note: treat the string as an argument to avoid this
 1109 |         snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]);
      |                                                              ^
      |                                                              "%s",

As what we are really dealing with here is a string copy, it seems to make
sense to use a function designed for this purpose. In this case null
padding is not required, so strscpy is appropriate. And as the
destination is an array, the 2-argument variant may be used.

Signed-off-by: Simon Horman <horms@kernel.org>
---
 drivers/net/dsa/microchip/ksz_ptp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Daniel Machon Oct. 13, 2024, 9:52 a.m. UTC | #1
> Prior to this patch ksz_ptp_msg_irq_setup() uses snprintf() to copy
> strings. It does so by passing strings as the format argument of
> snprintf(). This appears to be safe, due to the absence of format
> specifiers in the strings, which are declared within the same function.
> But nonetheless GCC 14 warns about it:
> 
> .../ksz_ptp.c:1109:55: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>  1109 |         snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]);
>       |                                                              ^~~~~~~
> .../ksz_ptp.c:1109:55: note: treat the string as an argument to avoid this
>  1109 |         snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]);
>       |                                                              ^
>       |                                                              "%s",
> 
> As what we are really dealing with here is a string copy, it seems to make
> sense to use a function designed for this purpose. In this case null
> padding is not required, so strscpy is appropriate. And as the
> destination is an array, the 2-argument variant may be used.

.. is an array - and of fixed size.

> 
> Signed-off-by: Simon Horman <horms@kernel.org>
> ---
>  drivers/net/dsa/microchip/ksz_ptp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/dsa/microchip/ksz_ptp.c b/drivers/net/dsa/microchip/ksz_ptp.c
> index 050f17c43ef6..22fb9ef4645c 100644
> --- a/drivers/net/dsa/microchip/ksz_ptp.c
> +++ b/drivers/net/dsa/microchip/ksz_ptp.c
> @@ -1106,7 +1106,7 @@ static int ksz_ptp_msg_irq_setup(struct ksz_port *port, u8 n)
>         ptpmsg_irq->port = port;
>         ptpmsg_irq->ts_reg = ops->get_port_addr(port->num, ts_reg[n]);
> 
> -       snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]);
> +       strscpy(ptpmsg_irq->name, name[n]);
> 
>         ptpmsg_irq->num = irq_find_mapping(port->ptpirq.domain, n);
>         if (ptpmsg_irq->num < 0)
> 
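Review bot: The return value of strscpy() on the added line is discarded, so a name[n] longer than ptpmsg_irq->name would be truncated silently, just as it was with snprintf(). strscpy() returns -E2BIG on truncation; since the commit message says the source strings are declared in the same function, either note in the changelog that the longest of them fits the destination, or check the result and fail the setup if it is negative.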
> --
> 2.45.2
>

This looks good to me.

Reviewed-by: Daniel Machon <daniel.machon@microchip.com>
Patch

diff --git a/drivers/net/dsa/microchip/ksz_ptp.c b/drivers/net/dsa/microchip/ksz_ptp.c
index 050f17c43ef6..22fb9ef4645c 100644
--- a/drivers/net/dsa/microchip/ksz_ptp.c
+++ b/drivers/net/dsa/microchip/ksz_ptp.c
@@ -1106,7 +1106,7 @@  static int ksz_ptp_msg_irq_setup(struct ksz_port *port, u8 n)
 	ptpmsg_irq->port = port;
 	ptpmsg_irq->ts_reg = ops->get_port_addr(port->num, ts_reg[n]);
 
-	snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]);
+	strscpy(ptpmsg_irq->name, name[n]);
 
 	ptpmsg_irq->num = irq_find_mapping(port->ptpirq.domain, n);
 	if (ptpmsg_irq->num < 0)
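Review bot: The 2-argument strscpy() on the added line takes its bound from the type of ptpmsg_irq->name, and that declaration is not visible in this hunk. The old snprintf() call used sizeof(ptpmsg_irq->name), which supports the changelog's statement that the destination is an array, but it would help to say in the commit message that it is a fixed-size char array in the struct (as the review reply points out), so the size derivation can be confirmed from the log alone.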