| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Apr 2024 19:31:51 -0700
From: Kees Cook <keescook@...omium.org>
To: "Martin K . Petersen" <martin.petersen@...cle.com>
Cc: Kees Cook <keescook@...omium.org>,
Charles Bertsch <cbertsch@....net>,
Justin Stitt <justinstitt@...gle.com>,
Sathya Prakash <sathya.prakash@...adcom.com>,
Sreekanth Reddy <sreekanth.reddy@...adcom.com>,
Suganath Prabu Subramani <suganath-prabu.subramani@...adcom.com>,
MPT-FusionLinux.pdl@...adcom.com,
linux-scsi@...r.kernel.org,
Bart Van Assche <bvanassche@....org>,
Andy Shevchenko <andy@...nel.org>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
Kashyap Desai <kashyap.desai@...adcom.com>,
Sumit Saxena <sumit.saxena@...adcom.com>,
Nilesh Javali <njavali@...vell.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Himanshu Madhani <himanshu.madhani@...cle.com>,
linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org,
mpi3mr-linuxdrv.pdl@...adcom.com,
GR-QLogic-Storage-Upstream@...vell.com
Subject: [PATCH 2/5] scsi: mptfusion: Avoid possible run-time warning with long manufacturer strings
The prior strscpy() replacement of strncpy() here expected the
manufacture_reply strings to be NUL-terminated, but it is possible
they are not, as the code pattern here shows, e.g., edev->vendor_id
being exactly 1 character larger than manufacture_reply->vendor_id,
and the replaced strncpy() was copying only up to the size of the
source character array. Replace this with memtostr(), which is the
unambiguous way to convert a maybe not-NUL-terminated character array
into a NUL-terminated string.
Reported-by: Charles Bertsch <cbertsch@....net>
Closes: https://lore.kernel.org/all/5445ba0f-3e27-4d43-a9ba-0cc22ada2fce@cox.net/
Fixes: 45e833f0e5bb ("scsi: message: fusion: Replace deprecated strncpy() with strscpy()")
Signed-off-by: Kees Cook <keescook@...omium.org>
---
Cc: Justin Stitt <justinstitt@...gle.com>
Cc: Sathya Prakash <sathya.prakash@...adcom.com>
Cc: Sreekanth Reddy <sreekanth.reddy@...adcom.com>
Cc: Suganath Prabu Subramani <suganath-prabu.subramani@...adcom.com>
Cc: MPT-FusionLinux.pdl@...adcom.com
Cc: linux-scsi@...r.kernel.org
---
drivers/message/fusion/mptsas.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
index 300f8e955a53..0f80c840afc3 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -2964,17 +2964,13 @@ mptsas_exp_repmanufacture_info(MPT_ADAPTER *ioc,
goto out_free;
manufacture_reply = data_out + sizeof(struct rep_manu_request);
- strscpy(edev->vendor_id, manufacture_reply->vendor_id,
- sizeof(edev->vendor_id));
- strscpy(edev->product_id, manufacture_reply->product_id,
- sizeof(edev->product_id));
- strscpy(edev->product_rev, manufacture_reply->product_rev,
- sizeof(edev->product_rev));
+ memtostr(edev->vendor_id, manufacture_reply->vendor_id);
+ memtostr(edev->product_id, manufacture_reply->product_id);
+ memtostr(edev->product_rev, manufacture_reply->product_rev);
edev->level = manufacture_reply->sas_format;
if (manufacture_reply->sas_format) {
- strscpy(edev->component_vendor_id,
- manufacture_reply->component_vendor_id,
- sizeof(edev->component_vendor_id));
+ memtostr(edev->component_vendor_id,
+ manufacture_reply->component_vendor_id);
tmp = (u8 *)&manufacture_reply->component_id;
edev->component_id = tmp[0] << 8 | tmp[1];
edev->component_revision_id =
--
2.34.1
Powered by blists - more mailing lists