[PATCH next] drivers/scsi/BusLogic: Avoid overrunning static message buffer

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH next] drivers/scsi/BusLogic: Avoid overrunning static message buffer
@ 2026-06-08  9:55 david.laight.linux
  0 siblings, 0 replies; only message in thread
From: david.laight.linux @ 2026-06-08  9:55 UTC (permalink / raw)
  To: Kees Cook, linux-hardening, linux-kernel, linux-scsi
  Cc: Arnd Bergmann, James E.J. Bottomley, Khalid Aziz,
	Martin K. Petersen, David Laight

From: David Laight <david.laight.linux@gmail.com>

blogic_msg() seems to save output in a static buffer (presumably for
diagnostic reasons).
Discard copies that would overrun the buffer end.
Since the length is calculated used memcpy() not strcpy() for the copy.

Signed-off-by: David Laight <david.laight.linux@gmail.com>
---
This is one of a group of patches that remove potentially unbounded
strcpy() calls.

They are mostly replaced by strscpy() or, when strlen() has just been
called, with memcpy() (usually including the '\0').

Calls with copy string literals into arrays are left unchanged.
They are safe and easily detected as such.

The changes were made by getting the compiler to detect the calls and
then fixing the code by hand.

Note that all the changes are only compile tested.

Some Makefiles were changed to allow files to contain strcpy().
As well as 'difficult to fix' files, this included 'show' functions
as they really need to use sysfs_emit() or seq_printf().

All the patches are being sent individually to avoid very long cc lists.
Apologies for the terse commit messages and likely unexpected tags.
(There are about 100 patches in total.)

 drivers/scsi/BusLogic.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/BusLogic.c b/drivers/scsi/BusLogic.c
index 5304d2febd63..7e481dbfc521 100644
--- a/drivers/scsi/BusLogic.c
+++ b/drivers/scsi/BusLogic.c
@@ -3451,13 +3451,17 @@ static void blogic_msg(enum blogic_msglevel msglevel, char *fmt,
 	va_end(args);
 	if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
 		static int msglines = 0;
-		strcpy(&adapter->msgbuf[adapter->msgbuflen], buf);
-		adapter->msgbuflen += len;
+		if (adapter->msgbuflen + len < sizeof (adapter->msgbuf)) {
+			memcpy(&adapter->msgbuf[adapter->msgbuflen], buf, len + 1);
+			adapter->msgbuflen += len;
+		}
 		if (++msglines <= 2)
 			printk("%sscsi: %s", blogic_msglevelmap[msglevel], buf);
 	} else if (msglevel == BLOGIC_INFO_LEVEL) {
-		strcpy(&adapter->msgbuf[adapter->msgbuflen], buf);
-		adapter->msgbuflen += len;
+		if (adapter->msgbuflen + len < sizeof (adapter->msgbuf)) {
+			memcpy(&adapter->msgbuf[adapter->msgbuflen], buf, len + 1);
+			adapter->msgbuflen += len;
+		}
 		if (begin) {
 			if (buf[0] != '\n' || len > 1)
 				printk("%sscsi%d: %s", blogic_msglevelmap[msglevel], adapter->host_no, buf);
-- 
2.39.5

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-08  9:55 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-08  9:55 [PATCH next] drivers/scsi/BusLogic: Avoid overrunning static message buffer david.laight.linux

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.