route/tc: ensure not string truncation in rtnl_tc_set_kind()

The compiler warns:

  In function ‘rtnl_tc_set_kind’,
      inlined from ‘rtnl_tc_msg_parse’ at lib/route/tc.c:81:2:
  lib/route/tc.c:532:2: error: ‘strncpy’ output may be truncated copying 31 bytes from a string of length 31 [-Werror=stringop-truncation]
    532 |  strncpy(tc->tc_kind, kind, sizeof(tc->tc_kind) - 1);
        |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now, there are two choices: either accept the truncation
or rejecting it.

While rejecting it is a change in behavior and API, I don't think that
any caller actually relied on that. That is because such "kind" name would
be invalid anyway (and rejected from kernel too).

So, tighten up the API and check for a suitable string length.

Also, use _nl_strncpy() instead of strncpy(). Note that that doesn't suppress
the warning, it merely (also) adds an _nl_assert() for something that already
shouldn't happen.

1 files changed, 8 insertions, 1 deletions

diff --git a/lib/route/tc.c b/lib/route/tc.c
index 6b423a06..52099294 100644
--- a/lib/route/tc.c
+++ b/lib/route/tc.c
@@ -24,6 +24,8 @@
 #include <netlink/route/tc.h>
 #include <netlink-private/route/tc-api.h>
 
+#include "netlink-private/utils.h"
+
 /** @cond SKIP */
 
 static struct nl_list_head tc_ops_list[__RTNL_TC_TYPE_MAX];
@@ -529,7 +531,12 @@ int rtnl_tc_set_kind(struct rtnl_tc *tc, const char *kind)
 	if (tc->ce_mask & TCA_ATTR_KIND)
 		return -NLE_EXIST;
 
-	strncpy(tc->tc_kind, kind, sizeof(tc->tc_kind) - 1);
+	if (   !kind
+	    || strlen (kind) >= sizeof (tc->tc_kind))
+		return -NLE_INVAL;
+
+	_nl_strncpy(tc->tc_kind, kind, sizeof(tc->tc_kind));
+
 	tc->ce_mask |= TCA_ATTR_KIND;
 
 	/* Force allocation of data */