From: Bart Van Assche <Bart.VanAssche@wdc.com>
To: "aacraid@microsemi.com" <aacraid@microsemi.com>,
"Mahesh.Rajashekhara@pmcs.com" <Mahesh.Rajashekhara@pmcs.com>,
"dan.carpenter@oracle.com" <dan.carpenter@oracle.com>
Cc: "jejb@linux.vnet.ibm.com" <jejb@linux.vnet.ibm.com>,
"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
"martin.petersen@oracle.com" <martin.petersen@oracle.com>,
"kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>
Subject: Re: [PATCH 2/2] scsi: aacraid: Off by one NUL terminator
Date: Tue, 25 Jul 2017 21:19:10 +0000 [thread overview]
Message-ID: <1501017548.8931.9.camel@wdc.com> (raw)
In-Reply-To: <20170725195110.uwrzzkzvrbfqv7ld@mwanda>
On Tue, 2017-07-25 at 22:51 +0300, Dan Carpenter wrote:
> We're putting a NUL terminator one character beyond the end of the
> struct and that's obviously wrong. On the other hand, I'm not positive
> this is the correct fix. This change was added deliberately and was
> mentioned in the changlog of commit b836439faf04 ("aacraid: 4KB sector
> support"). The relevant section is "Also fix up a name truncation
> problem". Can someone review this code and figure out the right thing
> to do?
>
> Fixes: b836439faf04 ("aacraid: 4KB sector support")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
> index 4591113c49de..22c7461f65c9 100644
> --- a/drivers/scsi/aacraid/aachba.c
> +++ b/drivers/scsi/aacraid/aachba.c
> @@ -549,7 +549,7 @@ static void get_container_name_callback(void *context, struct fib * fibptr)
> if ((le32_to_cpu(get_name_reply->status) == CT_OK)
> && (get_name_reply->data[0] != '\0')) {
> char *sp = get_name_reply->data;
> - sp[sizeof(((struct aac_get_name_resp *)NULL)->data)] = '\0';
> + sp[sizeof(((struct aac_get_name_resp *)NULL)->data) - 1] = '\0';
> while (*sp == ' ')
> ++sp;
> if (*sp) {
Hello Dan,
If others agree with the approach of this patch, please use FIELD_SIZEOF()
instead of leaving it open-coded.
Thanks,
Bart.
next prev parent reply other threads:[~2017-07-25 21:19 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-25 19:49 [PATCH 1/2] scsi: aacraid: reading out of bounds Dan Carpenter
2017-07-25 19:49 ` Dan Carpenter
2017-07-25 19:51 ` [PATCH 2/2] scsi: aacraid: Off by one NUL terminator Dan Carpenter
2017-07-25 19:51 ` Dan Carpenter
2017-07-25 21:19 ` Bart Van Assche [this message]
2017-07-27 3:08 ` Martin K. Petersen
2017-07-27 3:08 ` Martin K. Petersen
2017-07-27 9:00 ` Dan Carpenter
2017-07-27 9:00 ` Dan Carpenter
2017-07-27 12:55 ` Martin K. Petersen
2017-07-27 12:55 ` Martin K. Petersen
2017-07-27 16:26 ` Dave Carroll
2017-07-27 16:30 ` Martin K. Petersen
2017-07-27 16:30 ` Martin K. Petersen
2017-07-27 16:51 ` Dave Carroll
2017-07-27 2:10 ` [PATCH 1/2] scsi: aacraid: reading out of bounds Martin K. Petersen
2017-07-27 2:10 ` Martin K. Petersen
2017-07-27 16:12 ` Dave Carroll
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1501017548.8931.9.camel@wdc.com \
--to=bart.vanassche@wdc.com \
--cc=Mahesh.Rajashekhara@pmcs.com \
--cc=aacraid@microsemi.com \
--cc=dan.carpenter@oracle.com \
--cc=jejb@linux.vnet.ibm.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.