From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Carpenter Subject: Re: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings Date: Mon, 2 Jul 2012 13:48:43 +0300 Message-ID: <20120702104843.GB4519@mwanda> References: <20120630114935.GB22767@elgon.mountain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: "James E.J. Bottomley" , Barak Witkowski , Eddie Wai , Michael Chan , linux-scsi@vger.kernel.org, netdev@vger.kernel.org, "David S. Miller" To: David Laight Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-scsi-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Mon, Jul 02, 2012 at 11:09:19AM +0100, David Laight wrote: > > Subject: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for > strings > > > > DRV_MODULE_VERSION here is "2.7.2.2" which is only 8 chars but we copy > > 12 bytes from the stack so it's a small information leak. > > > > Signed-off-by: Dan Carpenter > > --- > > This was just added to linux-next yesterday, but I'm not sure > > which tree it came from. > > > > diff --git a/drivers/scsi/bnx2i/bnx2i_init.c > > b/drivers/scsi/bnx2i/bnx2i_init.c > > index 7729a52..b17637a 100644 > > --- a/drivers/scsi/bnx2i/bnx2i_init.c > > +++ b/drivers/scsi/bnx2i/bnx2i_init.c > > @@ -400,7 +400,7 @@ int bnx2i_get_stats(void *handle) > > if (!stats) > > return -ENOMEM; > > > > - memcpy(stats->version, DRV_MODULE_VERSION, > sizeof(stats->version)); > > + strlcpy(stats->version, DRV_MODULE_VERSION, > sizeof(stats->version)); > > memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN); > > Doesn't that leak the original contents of the last bytes of > stats->version instead? I'm pretty sure we set those to zero in bnx2x_handle_drv_info_req(). regards, dan carpenter
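Review bot: On the added `strlcpy(stats->version, DRV_MODULE_VERSION, sizeof(stats->version));` line, the copy stops at the terminating NUL, so the bytes of the 12-byte stats->version field after the 8 bytes of "2.7.2.2" (terminator included) keep whatever the buffer held before, and nothing in this hunk shows stats being cleared. The over-read of the source that the changelog describes is fixed, but whether the tail of the field is clean depends on code outside the visible context. Please either state in the changelog where the stats buffer is zeroed (the reply names bnx2x_handle_drv_info_req()), or make it local to this function by clearing the field before the copy, so that the fix does not rely on a caller in another driver. The neighbouring `memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN);` starts at offset 2, so the first two bytes of mac_add1 rest on the same zeroing assumption and are worth covering in the same sentence.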