* [PATCH] scsi: ibmvscsis: Fix a stringop-overflow warning
@ 2018-09-10 22:37 Laura Abbott
2018-09-10 23:30 ` Kees Cook
0 siblings, 1 reply; 4+ messages in thread
From: Laura Abbott @ 2018-09-10 22:37 UTC (permalink / raw)
To: Bryant G. Ly, Michael Cyr
Cc: Laura Abbott, James E.J. Bottomley, Martin K. Petersen,
linux-scsi, target-devel, linux-kernel, Kees Cook,
Prarit Bhargava
There's currently a warning about string overflow with strncat:
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_probe':
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:3479:2: error: 'strncat' specified
bound 64 equals destination size [-Werror=stringop-overflow=]
strncat(vscsi->eye, vdev->name, MAX_EYE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Switch to using strlcat which correctly accounts for lengths that
are equal to the destination buffer.
Signed-off-by: Laura Abbott <labbott@redhat.com>
---
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
index fac377320158..53d344d8dc43 100644
--- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
+++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
@@ -3475,7 +3475,7 @@ static int ibmvscsis_probe(struct vio_dev *vdev,
vscsi->dds.window[REMOTE].liobn);
strcpy(vscsi->eye, "VSCSI ");
- strncat(vscsi->eye, vdev->name, MAX_EYE);
+ strlcat(vscsi->eye, vdev->name, MAX_EYE);
vscsi->dds.unit_id = vdev->unit_address;
strncpy(vscsi->dds.partition_name, partition_name,
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: ibmvscsis: Fix a stringop-overflow warning
2018-09-10 22:37 [PATCH] scsi: ibmvscsis: Fix a stringop-overflow warning Laura Abbott
@ 2018-09-10 23:30 ` Kees Cook
2018-09-11 14:34 ` Bryant G. Ly
0 siblings, 1 reply; 4+ messages in thread
From: Kees Cook @ 2018-09-10 23:30 UTC (permalink / raw)
To: Laura Abbott
Cc: Bryant G. Ly, Michael Cyr, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, target-devel, LKML,
Prarit Bhargava
On Mon, Sep 10, 2018 at 3:37 PM, Laura Abbott <labbott@redhat.com> wrote:
> There's currently a warning about string overflow with strncat:
>
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_probe':
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:3479:2: error: 'strncat' specified
> bound 64 equals destination size [-Werror=stringop-overflow=]
> strncat(vscsi->eye, vdev->name, MAX_EYE);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Switch to using strlcat which correctly accounts for lengths that
> are equal to the destination buffer.
>
> Signed-off-by: Laura Abbott <labbott@redhat.com>
> ---
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
> index fac377320158..53d344d8dc43 100644
> --- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
> +++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
> @@ -3475,7 +3475,7 @@ static int ibmvscsis_probe(struct vio_dev *vdev,
> vscsi->dds.window[REMOTE].liobn);
>
> strcpy(vscsi->eye, "VSCSI ");
> - strncat(vscsi->eye, vdev->name, MAX_EYE);
> + strlcat(vscsi->eye, vdev->name, MAX_EYE);
Can this just get switched to snprintf() instead?
snprintf(vscsi->eye, sizeof(vscsi->eye), "VSCSI%s", vdev->name);
> vscsi->dds.unit_id = vdev->unit_address;
> strncpy(vscsi->dds.partition_name, partition_name,
And does this strncpy need a NUL-termination and/or trailing padding?
-Kees
--
Kees Cook
Pixel Security
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: ibmvscsis: Fix a stringop-overflow warning
2018-09-10 23:30 ` Kees Cook
@ 2018-09-11 14:34 ` Bryant G. Ly
2018-09-11 17:55 ` Laura Abbott
0 siblings, 1 reply; 4+ messages in thread
From: Bryant G. Ly @ 2018-09-11 14:34 UTC (permalink / raw)
To: Kees Cook, Laura Abbott
Cc: Bryant G. Ly, Michael Cyr, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, target-devel, LKML,
Prarit Bhargava
On 9/10/18 6:30 PM, Kees Cook wrote:
> On Mon, Sep 10, 2018 at 3:37 PM, Laura Abbott <labbott@redhat.com> wrote:
>> There's currently a warning about string overflow with strncat:
>>
>> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_probe':
>> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:3479:2: error: 'strncat' specified
>> bound 64 equals destination size [-Werror=stringop-overflow=]
>> strncat(vscsi->eye, vdev->name, MAX_EYE);
>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Switch to using strlcat which correctly accounts for lengths that
>> are equal to the destination buffer.
>>
>> Signed-off-by: Laura Abbott <labbott@redhat.com>
>> ---
>> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
>> index fac377320158..53d344d8dc43 100644
>> --- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
>> +++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
>> @@ -3475,7 +3475,7 @@ static int ibmvscsis_probe(struct vio_dev *vdev,
>> vscsi->dds.window[REMOTE].liobn);
>>
>> strcpy(vscsi->eye, "VSCSI ");
>> - strncat(vscsi->eye, vdev->name, MAX_EYE);
>> + strlcat(vscsi->eye, vdev->name, MAX_EYE);
> Can this just get switched to snprintf() instead?
>
> snprintf(vscsi->eye, sizeof(vscsi->eye), "VSCSI%s", vdev->name);
Either works for me.
>
>> vscsi->dds.unit_id = vdev->unit_address;
>> strncpy(vscsi->dds.partition_name, partition_name,
> And does this strncpy need a NUL-termination and/or trailing padding?
>
Yes, good catch, it does need NUL-termination.
-Bryant
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: ibmvscsis: Fix a stringop-overflow warning
2018-09-11 14:34 ` Bryant G. Ly
@ 2018-09-11 17:55 ` Laura Abbott
0 siblings, 0 replies; 4+ messages in thread
From: Laura Abbott @ 2018-09-11 17:55 UTC (permalink / raw)
To: Bryant G. Ly, Kees Cook
Cc: Bryant G. Ly, Michael Cyr, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, target-devel, LKML,
Prarit Bhargava
On 09/11/2018 07:34 AM, Bryant G. Ly wrote:
> On 9/10/18 6:30 PM, Kees Cook wrote:
>
>> On Mon, Sep 10, 2018 at 3:37 PM, Laura Abbott <labbott@redhat.com> wrote:
>>> There's currently a warning about string overflow with strncat:
>>>
>>> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_probe':
>>> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:3479:2: error: 'strncat' specified
>>> bound 64 equals destination size [-Werror=stringop-overflow=]
>>> strncat(vscsi->eye, vdev->name, MAX_EYE);
>>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>> Switch to using strlcat which correctly accounts for lengths that
>>> are equal to the destination buffer.
>>>
>>> Signed-off-by: Laura Abbott <labbott@redhat.com>
>>> ---
>>> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
>>> index fac377320158..53d344d8dc43 100644
>>> --- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
>>> +++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
>>> @@ -3475,7 +3475,7 @@ static int ibmvscsis_probe(struct vio_dev *vdev,
>>> vscsi->dds.window[REMOTE].liobn);
>>>
>>> strcpy(vscsi->eye, "VSCSI ");
>>> - strncat(vscsi->eye, vdev->name, MAX_EYE);
>>> + strlcat(vscsi->eye, vdev->name, MAX_EYE);
>> Can this just get switched to snprintf() instead?
>>
>> snprintf(vscsi->eye, sizeof(vscsi->eye), "VSCSI%s", vdev->name);
>
> Either works for me.
>
I'll switch to the snprintf since that's cleaner.
>>
>>> vscsi->dds.unit_id = vdev->unit_address;
>>> strncpy(vscsi->dds.partition_name, partition_name,
>> And does this strncpy need a NUL-termination and/or trailing padding?
>>
> Yes, good catch, it does need NUL-termination.
>
I can send that cleanup in a second patch.
> -Bryant
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-09-11 17:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-10 22:37 [PATCH] scsi: ibmvscsis: Fix a stringop-overflow warning Laura Abbott
2018-09-10 23:30 ` Kees Cook
2018-09-11 14:34 ` Bryant G. Ly
2018-09-11 17:55 ` Laura Abbott
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox