1 From 2df267384cc05ac3f08f5bb3e4800b240ce773d7 Mon Sep 17 00:00:00 2001
2 From: "David S. Miller" <davem@davemloft.net>
3 Date: Fri, 27 Sep 2013 13:46:04 -0700
4 Subject: sparc64: Fix buggy strlcpy() conversion in ldom_reboot().
6 From: "David S. Miller" <davem@davemloft.net>
8 [ Upstream commit 2bd161a605f1f84a5fc8a4fe8410113a94f79355 ]
10 Commit 117a0c5fc9c2d06045bd217385b2b39ea426b5a6 ("sparc: kernel: using
11 strlcpy() instead of strcpy()") added a bug to ldom_reboot in
12 arch/sparc/kernel/ds.c
14 - strcpy(full_boot_str + strlen("boot "), boot_command);
15 + strlcpy(full_boot_str + strlen("boot "), boot_command,
16 + sizeof(full_boot_str + strlen("boot ")));
18 That last sizeof() expression evaluates to sizeof(size_t) which is
19 not what was intended.
21 Also even the corrected:
23 sizeof(full_boot_str) + strlen("boot ")
25 is not right as the destination buffer length is just plain
26 "sizeof(full_boot_str)" and that's what the final argument
29 Signed-off-by: David S. Miller <davem@davemloft.net>
30 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
32 arch/sparc/kernel/ds.c | 2 +-
33 1 file changed, 1 insertion(+), 1 deletion(-)
35 --- a/arch/sparc/kernel/ds.c
36 +++ b/arch/sparc/kernel/ds.c
37 @@ -844,7 +844,7 @@ void ldom_reboot(const char *boot_comman
39 strcpy(full_boot_str, "boot ");
40 strlcpy(full_boot_str + strlen("boot "), boot_command,
41 - sizeof(full_boot_str + strlen("boot ")));
42 + sizeof(full_boot_str));
43 len = strlen(full_boot_str);
45 if (reboot_data_supported) {