--- /dev/null
+From 8a17eefa235f73b60c0ca7d397d2e4f66f85f413 Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Fri, 2 Mar 2018 15:08:39 -0800
+Subject: net: phy: broadcom: Use strlcpy() for ethtool::get_strings
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+commit 8a17eefa235f73b60c0ca7d397d2e4f66f85f413 upstream.
+
+Our statistics strings are allocated at initialization without being
+bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using
+memcpy() which would create out of bounds accesses, this was flagged by
+KASAN. Replace this with strlcpy() to make sure we are bound the source
+buffer size and we also always NUL-terminate strings.
+
+Fixes: 820ee17b8d3b ("net: phy: broadcom: Add support code for reading PHY counters")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/phy/bcm-phy-lib.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/phy/bcm-phy-lib.c
++++ b/drivers/net/phy/bcm-phy-lib.c
+@@ -341,8 +341,8 @@ void bcm_phy_get_strings(struct phy_devi
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(bcm_phy_hw_stats); i++)
+- memcpy(data + i * ETH_GSTRING_LEN,
+- bcm_phy_hw_stats[i].string, ETH_GSTRING_LEN);
++ strlcpy(data + i * ETH_GSTRING_LEN,
++ bcm_phy_hw_stats[i].string, ETH_GSTRING_LEN);
+ }
+ EXPORT_SYMBOL_GPL(bcm_phy_get_strings);
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
