From: Dan Carpenter <dan.carpenter@oracle.com>
To: Adaptec OEM Raid Solutions <aacraid@microsemi.com>,
Mahesh Rajashekhara <Mahesh.Rajashekhara@pmcs.com>
Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
linux-scsi@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 2/2] scsi: aacraid: Off by one NUL terminator
Date: Tue, 25 Jul 2017 19:51:10 +0000 [thread overview]
Message-ID: <20170725195110.uwrzzkzvrbfqv7ld@mwanda> (raw)
In-Reply-To: <20170725194955.dd4g6msevoesty4t@mwanda>
We're putting a NUL terminator one character beyond the end of the
struct and that's obviously wrong. On the other hand, I'm not positive
this is the correct fix. This change was added deliberately and was
mentioned in the changlog of commit b836439faf04 ("aacraid: 4KB sector
support"). The relevant section is "Also fix up a name truncation
problem". Can someone review this code and figure out the right thing
to do?
Fixes: b836439faf04 ("aacraid: 4KB sector support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
index 4591113c49de..22c7461f65c9 100644
--- a/drivers/scsi/aacraid/aachba.c
+++ b/drivers/scsi/aacraid/aachba.c
@@ -549,7 +549,7 @@ static void get_container_name_callback(void *context, struct fib * fibptr)
if ((le32_to_cpu(get_name_reply->status) = CT_OK)
&& (get_name_reply->data[0] != '\0')) {
char *sp = get_name_reply->data;
- sp[sizeof(((struct aac_get_name_resp *)NULL)->data)] = '\0';
+ sp[sizeof(((struct aac_get_name_resp *)NULL)->data) - 1] = '\0';
while (*sp = ' ')
++sp;
if (*sp) {
next prev parent reply other threads:[~2017-07-25 19:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-25 19:49 [PATCH 1/2] scsi: aacraid: reading out of bounds Dan Carpenter
2017-07-25 19:51 ` Dan Carpenter [this message]
2017-07-25 21:19 ` [PATCH 2/2] scsi: aacraid: Off by one NUL terminator Bart Van Assche
2017-07-27 3:08 ` Martin K. Petersen
2017-07-27 9:00 ` Dan Carpenter
2017-07-27 12:55 ` Martin K. Petersen
2017-07-27 16:26 ` Dave Carroll
2017-07-27 16:30 ` Martin K. Petersen
2017-07-27 16:51 ` Dave Carroll
2017-07-27 2:10 ` [PATCH 1/2] scsi: aacraid: reading out of bounds Martin K. Petersen
2017-07-27 16:12 ` Dave Carroll
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170725195110.uwrzzkzvrbfqv7ld@mwanda \
--to=dan.carpenter@oracle.com \
--cc=Mahesh.Rajashekhara@pmcs.com \
--cc=aacraid@microsemi.com \
--cc=jejb@linux.vnet.ibm.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox