s390/con3270: Use strscpy() instead of strcpy()

Use strscpy() instead of strcpy() so that bounds checking is performed
on the destination buffer. This requires to keep track of the size of
the dynamically allocated prompt memory area, which is done with a new
prompt_sz within struct tty3270.

Reviewed-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

diff --git a/drivers/s390/char/con3270.c b/drivers/s390/char/con3270.c
index 34f3820d7f749577c36e5d5ab947ba1e857b5e85..8402a0042c0d378e59f41ed2ec811b7e07605c8c 100644 (file)
--- a/drivers/s390/char/con3270.c
+++ b/drivers/s390/char/con3270.c
@@ -102,6 +102,7 @@ struct tty3270 {
 
        /* Input stuff. */
        char *prompt;                   /* Output string for input area. */
+       size_t prompt_sz;               /* Size of output string. */
        char *input;                    /* Input string for read request. */
        struct raw3270_request *read;   /* Single read request. */
        struct raw3270_request *kreset; /* Single keyboard reset request. */
@@ -206,7 +207,7 @@ static int tty3270_input_size(int cols)
 
 static void tty3270_update_prompt(struct tty3270 *tp, char *input)
 {
-       strcpy(tp->prompt, input);
+       strscpy(tp->prompt, input, tp->prompt_sz);
        tp->update_flags |= TTY_UPDATE_INPUT;
        tty3270_set_timer(tp, 1);
 }
@@ -971,6 +972,7 @@ static void tty3270_resize(struct raw3270_view *view,
        char *old_input, *new_input;
        struct tty_struct *tty;
        struct winsize ws;
+       size_t prompt_sz;
        int new_allocated, old_allocated = tp->allocated_lines;
 
        if (old_model == new_model &&
@@ -982,10 +984,11 @@ static void tty3270_resize(struct raw3270_view *view,
                return;
        }
 
-       new_input = kzalloc(tty3270_input_size(new_cols), GFP_KERNEL | GFP_DMA);
+       prompt_sz = tty3270_input_size(new_cols);
+       new_input = kzalloc(prompt_sz, GFP_KERNEL | GFP_DMA);
        if (!new_input)
                return;
-       new_prompt = kzalloc(tty3270_input_size(new_cols), GFP_KERNEL);
+       new_prompt = kzalloc(prompt_sz, GFP_KERNEL);
        if (!new_prompt)
                goto out_input;
        screen = tty3270_alloc_screen(tp, new_rows, new_cols, &new_allocated);
@@ -1010,6 +1013,7 @@ static void tty3270_resize(struct raw3270_view *view,
        old_rcl_lines = tp->rcl_lines;
        tp->input = new_input;
        tp->prompt = new_prompt;
+       tp->prompt_sz = prompt_sz;
        tp->rcl_lines = new_rcl_lines;
        tp->rcl_read_index = 0;
        tp->rcl_write_index = 0;
@@ -1096,6 +1100,7 @@ static int
 tty3270_create_view(int index, struct tty3270 **newtp)
 {
        struct tty3270 *tp;
+       size_t prompt_sz;
        int rc;
 
        if (tty3270_max_index < index + 1)
@@ -1125,17 +1130,19 @@ tty3270_create_view(int index, struct tty3270 **newtp)
                goto out_free_screen;
        }
 
-       tp->input = kzalloc(tty3270_input_size(tp->view.cols), GFP_KERNEL | GFP_DMA);
+       prompt_sz = tty3270_input_size(tp->view.cols);
+       tp->input = kzalloc(prompt_sz, GFP_KERNEL | GFP_DMA);
        if (!tp->input) {
                rc = -ENOMEM;
                goto out_free_converted_line;
        }
 
-       tp->prompt = kzalloc(tty3270_input_size(tp->view.cols), GFP_KERNEL);
+       tp->prompt = kzalloc(prompt_sz, GFP_KERNEL);
        if (!tp->prompt) {
                rc = -ENOMEM;
                goto out_free_input;
        }
+       tp->prompt_sz = prompt_sz;
 
        tp->rcl_lines = tty3270_alloc_recall(tp->view.cols);
        if (!tp->rcl_lines) {