Skip to content

Commit

Permalink
lib: rpmsg: replace strncpy with internal safe_strcpy
Browse files Browse the repository at this point in the history
The strncpy function does not ensure that the destination string is
null-terminated. To address this issue, replace strncpy with the
internal safe_strcpy() function, which guarantees null-termination of the
destination string but also access only in buffer memory ranges.

Note: (void)safe_strcpy(...) indicates that the return value is
intentionally ignored.

Signed-off-by: Arnaud Pouliquen <[email protected]>
  • Loading branch information
arnopo committed Oct 14, 2024
1 parent c1eb050 commit bd2a849
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions lib/rpmsg/rpmsg.c
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/

#include <internal/string.h>
#include <openamp/rpmsg.h>
#include <metal/alloc.h>

Expand Down Expand Up @@ -141,7 +142,7 @@ int rpmsg_send_ns_message(struct rpmsg_endpoint *ept, unsigned long flags)

ns_msg.flags = flags;
ns_msg.addr = ept->addr;
strncpy(ns_msg.name, ept->name, sizeof(ns_msg.name));
(void)safe_strcpy(ns_msg.name, sizeof(ns_msg.name), ept->name, strlen(ept->name));
ret = rpmsg_send_offchannel_raw(ept, ept->addr,
RPMSG_NS_EPT_ADDR,
&ns_msg, sizeof(ns_msg), true);
Expand Down Expand Up @@ -305,7 +306,11 @@ void rpmsg_register_endpoint(struct rpmsg_device *rdev,
rpmsg_ept_cb cb,
rpmsg_ns_unbind_cb ns_unbind_cb, void *priv)
{
strncpy(ept->name, name ? name : "", sizeof(ept->name));
if (name)
(void)safe_strcpy(ept->name, sizeof(ept->name), name, sizeof(name));
else
ept->name[0] = 0;

ept->refcnt = 1;
ept->addr = src;
ept->dest_addr = dest;
Expand Down

0 comments on commit bd2a849

Please sign in to comment.