From 9fdbf1e084ce0a2994c2637f506dbde84e9f228c Mon Sep 17 00:00:00 2001 From: Mikael Olsson Date: Fri, 3 Nov 2023 15:02:13 +0100 Subject: Ensure rpmsg channel name is null-terminated Currently when the rpmsg channel name is copied from the rpmsg device, the full size of the name array is given to strncpy. This means if there is no null-terminator in that size, the name will be left unterminated. To ensure that the name is always null-terminated, the size given to strncpy is now decreased by one and the name array is zero initialized. Change-Id: I73b4b597f51a63e5dac23945735f307cb1035e25 Signed-off-by: Mikael Olsson --- kernel/ethosu_device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/ethosu_device.c b/kernel/ethosu_device.c index 6e2351d..32fb012 100644 --- a/kernel/ethosu_device.c +++ b/kernel/ethosu_device.c @@ -334,11 +334,11 @@ static long ethosu_ioctl(struct file *file, static struct rpmsg_endpoint *ethosu_create_ept(struct rpmsg_device *rpdev) { struct device *dev = &rpdev->dev; - struct rpmsg_channel_info info; + struct rpmsg_channel_info info = { 0 }; struct rpmsg_endpoint *ept; /* Create rpmsg endpoint */ - strncpy(info.name, rpdev->id.name, sizeof(info.name)); + strncpy(info.name, rpdev->id.name, sizeof(info.name) - 1); info.src = 0; info.dst = rpdev->dst; -- cgit v1.2.1