netfilter/ipset: replace a strncpy() with strscpy()

To make overflows as obvious as possible and to prevent code from blithely proceeding with a truncated string. This also has a side-effect to fix a compilation warning when using GCC 8.2.1. net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get': net/netfilter/ipset/ip_set_core.c:2027:3: warning: 'strncpy' writing 32 bytes into a region of size 2 overflows the destination [-Wstringop-overflow=] Signed-off-by: Qian Cai <cai@gmx.us> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Qian Cai <cai@gmx.us> 2018-12-01 23:06:01 -0500
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2018-12-04 10:26:57 +0100
commit: fff435fced595bd2facf3f05d2b3b0d61988e503 (patch)
tree: a3a9a742869fea7ab3fae83c063e052a4c9b8be6
parent: dfa1dcb2ef44d075f85f73fb8caba85e3f695aac (diff)
download: ipset-fff435fced595bd2facf3f05d2b3b0d61988e503.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index b93805c..b424c04 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -2181,9 +2181,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
 		}
 		nfnl_lock(NFNL_SUBSYS_IPSET);
 		set = ip_set(inst, req_get->set.index);
-		strncpy(req_get->set.name, set ? set->name : "",
-			IPSET_MAXNAMELEN);
+		ret = strscpy(req_get->set.name, set ? set->name : "",
+			      IPSET_MAXNAMELEN);
 		nfnl_unlock(NFNL_SUBSYS_IPSET);
+		if (ret < 0)
+			goto done;
 		goto copy;
 	}
 	default:
author	Qian Cai <cai@gmx.us>	2018-12-01 23:06:01 -0500
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2018-12-04 10:26:57 +0100
commit	fff435fced595bd2facf3f05d2b3b0d61988e503 (patch)
tree	a3a9a742869fea7ab3fae83c063e052a4c9b8be6
parent	dfa1dcb2ef44d075f85f73fb8caba85e3f695aac (diff)
download	ipset-fff435fced595bd2facf3f05d2b3b0d61988e503.tar.gz