crypto: octeontx - Fix length check to avoid truncation in ucode_load_store

OTX_CPT_UCODE_NAME_LENGTH limits the microcode name to 64 bytes. If a
user writes a string of exactly 64 characters, the original code used
'strlen(buf) > 64' to check the length, but then strscpy() copies only
63 characters before adding a NUL terminator, silently truncating the
copied string.

Fix this off-by-one error by using 'count' directly for the length check
to ensure long names are rejected early and copied without truncation.

Cc: stable@vger.kernel.org
Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
index 9f5601c0280bf1f3b7ba2e11099d1dee29f9a506..417a48f413505368b89f17279116fba1c3449c8d 100644 (file)
--- a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
+++ b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
@@ -1326,7 +1326,7 @@ static ssize_t ucode_load_store(struct device *dev,
        int del_grp_idx = -1;
        int ucode_idx = 0;
 
-       if (strlen(buf) > OTX_CPT_UCODE_NAME_LENGTH)
+       if (count >= OTX_CPT_UCODE_NAME_LENGTH)
                return -EINVAL;
 
        eng_grps = container_of(attr, struct otx_cpt_eng_grps, ucode_load_attr);