netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_...

[ Upstream commit 4ce1f56a1eaced2523329bef800d004e30f2f76c ]

This was found by a static analyzer.
We should not forget the trailing zero after copy_from_user()
if we will further do some string operations, sscanf() in this
case. Adding a trailing zero will ensure that the function
performs properly.

Fixes: c6385c0b67c5 ("netdevsim: Allow reporting activity on nexthop buckets")
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20241022171907.8606-1-zichenxie0106@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/netdevsim/fib.c b/drivers/net/netdevsim/fib.c
index 14787d17f703fe98a29de0023b6988d10a0cf6da..b71414b3a1d40d754d6767e979d451ef94cd8f65 100644 (file)
--- a/drivers/net/netdevsim/fib.c
+++ b/drivers/net/netdevsim/fib.c
@@ -1366,10 +1366,12 @@ static ssize_t nsim_nexthop_bucket_activity_write(struct file *file,
 
        if (pos != 0)
                return -EINVAL;
-       if (size > sizeof(buf))
+       if (size > sizeof(buf) - 1)
                return -EINVAL;
        if (copy_from_user(buf, user_buf, size))
                return -EFAULT;
+       buf[size] = 0;
+
        if (sscanf(buf, "%u %hu", &nhid, &bucket_index) != 2)
                return -EINVAL;