Skip to content

Commit ed5eef1

Browse files
hcahcahcahca
committed
s390/con3270: Use strscpy() instead of strcpy()
Use strscpy() instead of strcpy() so that bounds checking is performed on the destination buffer. This requires to keep track of the size of the dynamically allocated prompt memory area, which is done with a new prompt_sz within struct tty3270. Reviewed-by: Mikhail Zaslonko <[email protected]> Signed-off-by: Heiko Carstens <[email protected]>
1 parent 7e7f94d commit ed5eef1

File tree

1 file changed

+12
-5
lines changed

1 file changed

+12
-5
lines changed

drivers/s390/char/con3270.c

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -102,6 +102,7 @@ struct tty3270 {
102102

103103
/* Input stuff. */
104104
char *prompt; /* Output string for input area. */
105+
size_t prompt_sz; /* Size of output string. */
105106
char *input; /* Input string for read request. */
106107
struct raw3270_request *read; /* Single read request. */
107108
struct raw3270_request *kreset; /* Single keyboard reset request. */
@@ -206,7 +207,7 @@ static int tty3270_input_size(int cols)
206207

207208
static void tty3270_update_prompt(struct tty3270 *tp, char *input)
208209
{
209-
strcpy(tp->prompt, input);
210+
strscpy(tp->prompt, input, tp->prompt_sz);
210211
tp->update_flags |= TTY_UPDATE_INPUT;
211212
tty3270_set_timer(tp, 1);
212213
}
@@ -971,6 +972,7 @@ static void tty3270_resize(struct raw3270_view *view,
971972
char *old_input, *new_input;
972973
struct tty_struct *tty;
973974
struct winsize ws;
975+
size_t prompt_sz;
974976
int new_allocated, old_allocated = tp->allocated_lines;
975977

976978
if (old_model == new_model &&
@@ -982,10 +984,11 @@ static void tty3270_resize(struct raw3270_view *view,
982984
return;
983985
}
984986

985-
new_input = kzalloc(tty3270_input_size(new_cols), GFP_KERNEL | GFP_DMA);
987+
prompt_sz = tty3270_input_size(new_cols);
988+
new_input = kzalloc(prompt_sz, GFP_KERNEL | GFP_DMA);
986989
if (!new_input)
987990
return;
988-
new_prompt = kzalloc(tty3270_input_size(new_cols), GFP_KERNEL);
991+
new_prompt = kzalloc(prompt_sz, GFP_KERNEL);
989992
if (!new_prompt)
990993
goto out_input;
991994
screen = tty3270_alloc_screen(tp, new_rows, new_cols, &new_allocated);
@@ -1010,6 +1013,7 @@ static void tty3270_resize(struct raw3270_view *view,
10101013
old_rcl_lines = tp->rcl_lines;
10111014
tp->input = new_input;
10121015
tp->prompt = new_prompt;
1016+
tp->prompt_sz = prompt_sz;
10131017
tp->rcl_lines = new_rcl_lines;
10141018
tp->rcl_read_index = 0;
10151019
tp->rcl_write_index = 0;
@@ -1096,6 +1100,7 @@ static int
10961100
tty3270_create_view(int index, struct tty3270 **newtp)
10971101
{
10981102
struct tty3270 *tp;
1103+
size_t prompt_sz;
10991104
int rc;
11001105

11011106
if (tty3270_max_index < index + 1)
@@ -1125,17 +1130,19 @@ tty3270_create_view(int index, struct tty3270 **newtp)
11251130
goto out_free_screen;
11261131
}
11271132

1128-
tp->input = kzalloc(tty3270_input_size(tp->view.cols), GFP_KERNEL | GFP_DMA);
1133+
prompt_sz = tty3270_input_size(tp->view.cols);
1134+
tp->input = kzalloc(prompt_sz, GFP_KERNEL | GFP_DMA);
11291135
if (!tp->input) {
11301136
rc = -ENOMEM;
11311137
goto out_free_converted_line;
11321138
}
11331139

1134-
tp->prompt = kzalloc(tty3270_input_size(tp->view.cols), GFP_KERNEL);
1140+
tp->prompt = kzalloc(prompt_sz, GFP_KERNEL);
11351141
if (!tp->prompt) {
11361142
rc = -ENOMEM;
11371143
goto out_free_input;
11381144
}
1145+
tp->prompt_sz = prompt_sz;
11391146

11401147
tp->rcl_lines = tty3270_alloc_recall(tp->view.cols);
11411148
if (!tp->rcl_lines) {

0 commit comments

Comments
 (0)