IB/qib: Stricter bounds checking for copy to buffer

Replace 'strcpy' with 'strncpy' to restrict the number
of bytes copied to the buffer.

Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Kamenee Arumugam <kamenee.arumugam@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>

diff --git a/drivers/infiniband/hw/qib/qib_iba7322.c b/drivers/infiniband/hw/qib/qib_iba7322.c
index 92ae68c8e76f8d4e2aba200c9ad0ea43b0c261a3..14cadf6d621463e07a98e9e598982648729afacc 100644 (file)
--- a/drivers/infiniband/hw/qib/qib_iba7322.c
+++ b/drivers/infiniband/hw/qib/qib_iba7322.c
@@ -6175,7 +6175,7 @@ static int setup_txselect(const char *str, struct kernel_param *kp)
        unsigned long val;
        char *n;
 
-       if (strlen(str) >= MAX_ATTEN_LEN) {
+       if (strlen(str) >= ARRAY_SIZE(txselect_list)) {
                pr_info("txselect_values string too long\n");
                return -ENOSPC;
        }
@@ -6186,7 +6186,7 @@ static int setup_txselect(const char *str, struct kernel_param *kp)
                        TXDDS_TABLE_SZ + TXDDS_EXTRA_SZ + TXDDS_MFG_SZ);
                return -EINVAL;
        }
-       strcpy(txselect_list, str);
+       strncpy(txselect_list, str, ARRAY_SIZE(txselect_list) - 1);
 
        list_for_each_entry(dd, &qib_dev_list, list)
                if (dd->deviceid == PCI_DEVICE_ID_QLOGIC_IB_7322)