Commit ed5eef11 authored by Heiko Carstens's avatar Heiko Carstens
Browse files

s390/con3270: Use strscpy() instead of strcpy() 



Use strscpy() instead of strcpy() so that bounds checking is performed
on the destination buffer. This requires to keep track of the size of
the dynamically allocated prompt memory area, which is done with a new
prompt_sz within struct tty3270.

Reviewed-by: default avatarMikhail Zaslonko <zaslonko@linux.ibm.com>
Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
parent 7e7f94d1

drivers/s390/char/con3270.c

+12 −5
Original line number Diff line number Diff line
@@ -102,6 +102,7 @@ struct tty3270 { 


	/* Input stuff. */

	char *prompt;			/* Output string for input area. */

	size_t prompt_sz;		/* Size of output string. */

	char *input;			/* Input string for read request. */

	struct raw3270_request *read;	/* Single read request. */

	struct raw3270_request *kreset;	/* Single keyboard reset request. */
@@ -206,7 +207,7 @@ static int tty3270_input_size(int cols) 


static void tty3270_update_prompt(struct tty3270 *tp, char *input)

{

	strcpy(tp->prompt, input);

	strscpy(tp->prompt, input, tp->prompt_sz);

	tp->update_flags |= TTY_UPDATE_INPUT;

	tty3270_set_timer(tp, 1);

}
@@ -971,6 +972,7 @@ static void tty3270_resize(struct raw3270_view *view, 
	char *old_input, *new_input;

	struct tty_struct *tty;

	struct winsize ws;

	size_t prompt_sz;

	int new_allocated, old_allocated = tp->allocated_lines;



	if (old_model == new_model &&
@@ -982,10 +984,11 @@ static void tty3270_resize(struct raw3270_view *view, 
		return;

	}



	new_input = kzalloc(tty3270_input_size(new_cols), GFP_KERNEL | GFP_DMA);

	prompt_sz = tty3270_input_size(new_cols);

	new_input = kzalloc(prompt_sz, GFP_KERNEL | GFP_DMA);

	if (!new_input)

		return;

	new_prompt = kzalloc(tty3270_input_size(new_cols), GFP_KERNEL);

	new_prompt = kzalloc(prompt_sz, GFP_KERNEL);

	if (!new_prompt)

		goto out_input;

	screen = tty3270_alloc_screen(tp, new_rows, new_cols, &new_allocated);
@@ -1010,6 +1013,7 @@ static void tty3270_resize(struct raw3270_view *view, 
	old_rcl_lines = tp->rcl_lines;

	tp->input = new_input;

	tp->prompt = new_prompt;

	tp->prompt_sz = prompt_sz;

	tp->rcl_lines = new_rcl_lines;

	tp->rcl_read_index = 0;

	tp->rcl_write_index = 0;
@@ -1096,6 +1100,7 @@ static int 
tty3270_create_view(int index, struct tty3270 **newtp)

{

	struct tty3270 *tp;

	size_t prompt_sz;

	int rc;



	if (tty3270_max_index < index + 1)
@@ -1125,17 +1130,19 @@ tty3270_create_view(int index, struct tty3270 **newtp) 
		goto out_free_screen;

	}



	tp->input = kzalloc(tty3270_input_size(tp->view.cols), GFP_KERNEL | GFP_DMA);

	prompt_sz = tty3270_input_size(tp->view.cols);

	tp->input = kzalloc(prompt_sz, GFP_KERNEL | GFP_DMA);

	if (!tp->input) {

		rc = -ENOMEM;

		goto out_free_converted_line;

	}



	tp->prompt = kzalloc(tty3270_input_size(tp->view.cols), GFP_KERNEL);

	tp->prompt = kzalloc(prompt_sz, GFP_KERNEL);

	if (!tp->prompt) {

		rc = -ENOMEM;

		goto out_free_input;

	}

	tp->prompt_sz = prompt_sz;



	tp->rcl_lines = tty3270_alloc_recall(tp->view.cols);

	if (!tp->rcl_lines) {