* [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings
@ 2012-06-30 11:49 Dan Carpenter
2012-07-02 10:09 ` David Laight
0 siblings, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2012-06-30 11:49 UTC (permalink / raw)
To: James E.J. Bottomley, Barak Witkowski
Cc: Eddie Wai, Michael Chan, linux-scsi, netdev, David S. Miller
DRV_MODULE_VERSION here is "2.7.2.2" which is only 8 chars but we copy
12 bytes from the stack so it's a small information leak.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This was just added to linux-next yesterday, but I'm not sure which tree
it came from.
diff --git a/drivers/scsi/bnx2i/bnx2i_init.c b/drivers/scsi/bnx2i/bnx2i_init.c
index 7729a52..b17637a 100644
--- a/drivers/scsi/bnx2i/bnx2i_init.c
+++ b/drivers/scsi/bnx2i/bnx2i_init.c
@@ -400,7 +400,7 @@ int bnx2i_get_stats(void *handle)
if (!stats)
return -ENOMEM;
- memcpy(stats->version, DRV_MODULE_VERSION, sizeof(stats->version));
+ strlcpy(stats->version, DRV_MODULE_VERSION, sizeof(stats->version));
memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN);
stats->max_frame_size = hba->netdev->mtu;
^ permalink raw reply related [flat|nested] 7+ messages in thread
* RE: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings
2012-06-30 11:49 [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings Dan Carpenter
@ 2012-07-02 10:09 ` David Laight
0 siblings, 0 replies; 7+ messages in thread
From: David Laight @ 2012-07-02 10:09 UTC (permalink / raw)
To: Dan Carpenter, James E.J. Bottomley, Barak Witkowski
Cc: Eddie Wai, Michael Chan, linux-scsi, netdev, David S. Miller
> Subject: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for
strings
>
> DRV_MODULE_VERSION here is "2.7.2.2" which is only 8 chars but we copy
> 12 bytes from the stack so it's a small information leak.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This was just added to linux-next yesterday, but I'm not sure
> which tree it came from.
>
> diff --git a/drivers/scsi/bnx2i/bnx2i_init.c
> b/drivers/scsi/bnx2i/bnx2i_init.c
> index 7729a52..b17637a 100644
> --- a/drivers/scsi/bnx2i/bnx2i_init.c
> +++ b/drivers/scsi/bnx2i/bnx2i_init.c
> @@ -400,7 +400,7 @@ int bnx2i_get_stats(void *handle)
> if (!stats)
> return -ENOMEM;
>
> - memcpy(stats->version, DRV_MODULE_VERSION,
sizeof(stats->version));
> + strlcpy(stats->version, DRV_MODULE_VERSION,
sizeof(stats->version));
> memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN);
Doesn't that leak the original contents of the last bytes of
stats->version instead?
David
^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings
@ 2012-07-02 10:09 ` David Laight
0 siblings, 0 replies; 7+ messages in thread
From: David Laight @ 2012-07-02 10:09 UTC (permalink / raw)
To: Dan Carpenter, James E.J. Bottomley, Barak Witkowski
Cc: Eddie Wai, Michael Chan, linux-scsi, netdev, David S. Miller
> Subject: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for
strings
>
> DRV_MODULE_VERSION here is "2.7.2.2" which is only 8 chars but we copy
> 12 bytes from the stack so it's a small information leak.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This was just added to linux-next yesterday, but I'm not sure
> which tree it came from.
>
> diff --git a/drivers/scsi/bnx2i/bnx2i_init.c
> b/drivers/scsi/bnx2i/bnx2i_init.c
> index 7729a52..b17637a 100644
> --- a/drivers/scsi/bnx2i/bnx2i_init.c
> +++ b/drivers/scsi/bnx2i/bnx2i_init.c
> @@ -400,7 +400,7 @@ int bnx2i_get_stats(void *handle)
> if (!stats)
> return -ENOMEM;
>
> - memcpy(stats->version, DRV_MODULE_VERSION,
sizeof(stats->version));
> + strlcpy(stats->version, DRV_MODULE_VERSION,
sizeof(stats->version));
> memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN);
Doesn't that leak the original contents of the last bytes of
stats->version instead?
David
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings
2012-07-02 10:09 ` David Laight
(?)
@ 2012-07-02 10:48 ` Dan Carpenter
2012-07-02 15:13 ` Michael Chan
-1 siblings, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2012-07-02 10:48 UTC (permalink / raw)
To: David Laight
Cc: James E.J. Bottomley, Barak Witkowski, Eddie Wai, Michael Chan,
linux-scsi, netdev, David S. Miller
On Mon, Jul 02, 2012 at 11:09:19AM +0100, David Laight wrote:
> > Subject: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for
> strings
> >
> > DRV_MODULE_VERSION here is "2.7.2.2" which is only 8 chars but we copy
> > 12 bytes from the stack so it's a small information leak.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > ---
> > This was just added to linux-next yesterday, but I'm not sure
> > which tree it came from.
> >
> > diff --git a/drivers/scsi/bnx2i/bnx2i_init.c
> > b/drivers/scsi/bnx2i/bnx2i_init.c
> > index 7729a52..b17637a 100644
> > --- a/drivers/scsi/bnx2i/bnx2i_init.c
> > +++ b/drivers/scsi/bnx2i/bnx2i_init.c
> > @@ -400,7 +400,7 @@ int bnx2i_get_stats(void *handle)
> > if (!stats)
> > return -ENOMEM;
> >
> > - memcpy(stats->version, DRV_MODULE_VERSION,
> sizeof(stats->version));
> > + strlcpy(stats->version, DRV_MODULE_VERSION,
> sizeof(stats->version));
> > memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN);
>
> Doesn't that leak the original contents of the last bytes of
> stats->version instead?
I'm pretty sure we set those to zero in bnx2x_handle_drv_info_req().
regards,
dan carpenter
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings
2012-07-02 10:48 ` Dan Carpenter
@ 2012-07-02 15:13 ` Michael Chan
2012-07-02 17:53 ` Eddie Wai
2012-07-09 6:51 ` David Miller
0 siblings, 2 replies; 7+ messages in thread
From: Michael Chan @ 2012-07-02 15:13 UTC (permalink / raw)
To: Dan Carpenter
Cc: David Laight, James E.J. Bottomley, Barak Witkowski, Eddie Wai,
linux-scsi, netdev, David S. Miller
On Mon, 2012-07-02 at 13:48 +0300, Dan Carpenter wrote:
> On Mon, Jul 02, 2012 at 11:09:19AM +0100, David Laight wrote:
> > > Subject: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for
> > strings
> > >
> > > DRV_MODULE_VERSION here is "2.7.2.2" which is only 8 chars but we copy
> > > 12 bytes from the stack so it's a small information leak.
> > >
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > ---
> > > This was just added to linux-next yesterday, but I'm not sure
> > > which tree it came from.
> > >
> > > diff --git a/drivers/scsi/bnx2i/bnx2i_init.c
> > > b/drivers/scsi/bnx2i/bnx2i_init.c
> > > index 7729a52..b17637a 100644
> > > --- a/drivers/scsi/bnx2i/bnx2i_init.c
> > > +++ b/drivers/scsi/bnx2i/bnx2i_init.c
> > > @@ -400,7 +400,7 @@ int bnx2i_get_stats(void *handle)
> > > if (!stats)
> > > return -ENOMEM;
> > >
> > > - memcpy(stats->version, DRV_MODULE_VERSION,
> > sizeof(stats->version));
> > > + strlcpy(stats->version, DRV_MODULE_VERSION,
> > sizeof(stats->version));
> > > memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN);
> >
> > Doesn't that leak the original contents of the last bytes of
> > stats->version instead?
>
> I'm pretty sure we set those to zero in bnx2x_handle_drv_info_req().
>
Yes, bnx2x zeros the whole stats structure, so strlcpy() is correct.
This came from the net-next tree, so David is the right persion to apply
this. Thanks.
Acked-by: Michael Chan <mchan@broadcom.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings
2012-07-02 15:13 ` Michael Chan
@ 2012-07-02 17:53 ` Eddie Wai
2012-07-09 6:51 ` David Miller
1 sibling, 0 replies; 7+ messages in thread
From: Eddie Wai @ 2012-07-02 17:53 UTC (permalink / raw)
To: Michael Chan
Cc: Dan Carpenter, David Laight, James E.J. Bottomley,
Barak Witkowski, linux-scsi, netdev, David S. Miller
On Mon, 2012-07-02 at 08:13 -0700, Michael Chan wrote:
> On Mon, 2012-07-02 at 13:48 +0300, Dan Carpenter wrote:
> > On Mon, Jul 02, 2012 at 11:09:19AM +0100, David Laight wrote:
> > > > Subject: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for
> > > strings
> > > >
> > > > DRV_MODULE_VERSION here is "2.7.2.2" which is only 8 chars but we copy
> > > > 12 bytes from the stack so it's a small information leak.
> > > >
> > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > > ---
> > > > This was just added to linux-next yesterday, but I'm not sure
> > > > which tree it came from.
> > > >
> > > > diff --git a/drivers/scsi/bnx2i/bnx2i_init.c
> > > > b/drivers/scsi/bnx2i/bnx2i_init.c
> > > > index 7729a52..b17637a 100644
> > > > --- a/drivers/scsi/bnx2i/bnx2i_init.c
> > > > +++ b/drivers/scsi/bnx2i/bnx2i_init.c
> > > > @@ -400,7 +400,7 @@ int bnx2i_get_stats(void *handle)
> > > > if (!stats)
> > > > return -ENOMEM;
> > > >
> > > > - memcpy(stats->version, DRV_MODULE_VERSION,
> > > sizeof(stats->version));
> > > > + strlcpy(stats->version, DRV_MODULE_VERSION,
> > > sizeof(stats->version));
> > > > memcpy(stats->mac_add1 + 2, hba->cnic->mac_addr, ETH_ALEN);
> > >
> > > Doesn't that leak the original contents of the last bytes of
> > > stats->version instead?
> >
> > I'm pretty sure we set those to zero in bnx2x_handle_drv_info_req().
> >
>
> Yes, bnx2x zeros the whole stats structure, so strlcpy() is correct.
>
> This came from the net-next tree, so David is the right persion to apply
> this. Thanks.
>
> Acked-by: Michael Chan <mchan@broadcom.com>
>
True. strlcpy() is the correct routine to use (instead of strncpy) as
this needs to be NULL terminated. Thanks.
Acked-by: Eddie Wai <eddie.wai@broadcom.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings
2012-07-02 15:13 ` Michael Chan
2012-07-02 17:53 ` Eddie Wai
@ 2012-07-09 6:51 ` David Miller
1 sibling, 0 replies; 7+ messages in thread
From: David Miller @ 2012-07-09 6:51 UTC (permalink / raw)
To: mchan
Cc: dan.carpenter, David.Laight, JBottomley, barak, eddie.wai,
linux-scsi, netdev
From: "Michael Chan" <mchan@broadcom.com>
Date: Mon, 2 Jul 2012 08:13:38 -0700
> This came from the net-next tree, so David is the right persion to apply
> this. Thanks.
>
> Acked-by: Michael Chan <mchan@broadcom.com>
Applied, thanks.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-07-09 6:51 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-06-30 11:49 [patch] [SCSI] bnx2i: use strlcpy() instead of memcpy() for strings Dan Carpenter
2012-07-02 10:09 ` David Laight
2012-07-02 10:09 ` David Laight
2012-07-02 10:48 ` Dan Carpenter
2012-07-02 15:13 ` Michael Chan
2012-07-02 17:53 ` Eddie Wai
2012-07-09 6:51 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.