gpiolib: cdev: switch from kstrdup() to kstrndup()

Use kstrndup() to copy line labels from the userspace provided char array, rather than ensuring the char array contains a null terminator and using kstrdup(). Note that the length provided to kstrndup() still assumes that the char array does contain a null terminator, so the maximum string length is one less than the array. This is consistent with the previous behaviour. Suggested-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Kent Gibson <warthog618@gmail.com> Link: https://lore.kernel.org/r/20201005070246.20927-1-warthog618@gmail.comSigned-off-by: Linus Walleij <linus.walleij@linaro.org>

gpiolib: cdev: switch from kstrdup() to kstrndup()
Use kstrndup() to copy line labels from the userspace provided char array, rather than ensuring the char array contains a null terminator and using kstrdup(). Note that the length provided to kstrndup() still assumes that the char array does contain a null terminator, so the maximum string length is one less than the array. This is consistent with the previous behaviour. Suggested-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Kent Gibson <warthog618@gmail.com> Link: https://lore.kernel.org/r/20201005070246.20927-1-warthog618@gmail.comSigned-off-by: Linus Walleij <linus.walleij@linaro.org>
f188ac12 · Kent Gibson · Linus Walleij · 8c270fbc · f188ac12
Commit f188ac12 authored Oct 05, 2020 by Kent Gibson Committed by Linus Walleij Oct 08, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 14 deletions

drivers/gpio/gpiolib-cdev.c drivers/gpio/gpiolib-cdev.c +13 -14

No files found.
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -307,11 +307,11 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip)
 	lh->gdev = gdev;
 	get_device(&gdev->dev);
-	/* Make sure this is terminated */
+	if (handlereq.consumer_label[0] != '\0') {
-	handlereq.consumer_label[sizeof(handlereq.consumer_label)-1] = '\0';
+		/* label is only initialized if consumer_label is set */
-	if (strlen(handlereq.consumer_label)) {
+		lh->label = kstrndup(handlereq.consumer_label,
-		lh->label = kstrdup(handlereq.consumer_label,
+				     sizeof(handlereq.consumer_label) - 1,
-				    GFP_KERNEL);
+				     GFP_KERNEL);
 		if (!lh->label) {
 			ret = -ENOMEM;
 			goto out_free_lh;
@@ -1322,11 +1322,10 @@ static int linereq_create(struct gpio_device *gdev, void __user *ip)
 		INIT_DELAYED_WORK(&lr->lines[i].work, debounce_work_func);
 	}
-	/* Make sure this is terminated */
+	if (ulr.consumer[0] != '\0') {
-	ulr.consumer[sizeof(ulr.consumer)-1] = '\0';
-	if (strlen(ulr.consumer)) {
 		/* label is only initialized if consumer is set */
-		lr->label = kstrdup(ulr.consumer, GFP_KERNEL);
+		lr->label = kstrndup(ulr.consumer, sizeof(ulr.consumer) - 1,
+				     GFP_KERNEL);
 		if (!lr->label) {
 			ret = -ENOMEM;
 			goto out_free_linereq;
@@ -1711,11 +1710,11 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
 	le->gdev = gdev;
 	get_device(&gdev->dev);
-	/* Make sure this is terminated */
+	if (eventreq.consumer_label[0] != '\0') {
-	eventreq.consumer_label[sizeof(eventreq.consumer_label)-1] = '\0';
+		/* label is only initialized if consumer_label is set */
-	if (strlen(eventreq.consumer_label)) {
+		le->label = kstrndup(eventreq.consumer_label,
-		le->label = kstrdup(eventreq.consumer_label,
+				     sizeof(eventreq.consumer_label) - 1,
-				    GFP_KERNEL);
+				     GFP_KERNEL);
 		if (!le->label) {
 			ret = -ENOMEM;
 			goto out_free_le;