[PATCH v3 0/2] Code cleanup and bug fix for truncated CHAP name and secret

[PATCH v3 0/2] Code cleanup and bug fix for truncated CHAP name and secret

[Nilesh Javali]

Martin,
Please consider below patch set for next 'scsi-fixes' submission.

Thanks,
Nilesh

Andrew Vasquez (1):
  qedi: Fix truncation of CHAP name and secret

Nilesh Javali (1):
  qedi: Cleanup local str variable

 drivers/scsi/qedi/qedi_main.c | 55 ++++++++++++++++++++-----------------------
 1 file changed, 26 insertions(+), 29 deletions(-)

-- 
1.8.3.1

[PATCH v3 1/2] qedi: Fix truncation of CHAP name and secret

[Nilesh Javali]

From: Andrew Vasquez <andrew.vasquez@cavium.com>

The data in NVRAM is not guaranteed to be NUL terminated.
Since snprintf expects byte-stream to accommodate null byte,
the CHAP secret is truncated.
Use sprintf instead of snprintf to fix the truncation of
CHAP name and secret.

Signed-off-by: Andrew Vasquez <andrew.vasquez@cavium.com>
Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>
---
 drivers/scsi/qedi/qedi_main.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index 8808f0d..deaed93 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1842,8 +1842,8 @@ static ssize_t qedi_show_boot_ini_info(void *data, int type, char *buf)
 
 	switch (type) {
 	case ISCSI_BOOT_INI_INITIATOR_NAME:
-		rc = snprintf(str, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n",
-			      initiator->initiator_name.byte);
+		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
+			     initiator->initiator_name.byte);
 		break;
 	default:
 		rc = 0;
@@ -1910,8 +1910,8 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
 
 	switch (type) {
 	case ISCSI_BOOT_TGT_NAME:
-		rc = snprintf(str, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n",
-			      block->target[idx].target_name.byte);
+		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
+			     block->target[idx].target_name.byte);
 		break;
 	case ISCSI_BOOT_TGT_IP_ADDR:
 		if (ipv6_en)
@@ -1932,20 +1932,20 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
 			      block->target[idx].lun.value[0]);
 		break;
 	case ISCSI_BOOT_TGT_CHAP_NAME:
-		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN, "%s\n",
-			      chap_name);
+		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+			     chap_name);
 		break;
 	case ISCSI_BOOT_TGT_CHAP_SECRET:
-		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_PWD_MAX_LEN, "%s\n",
-			      chap_secret);
+		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+			     chap_secret);
 		break;
 	case ISCSI_BOOT_TGT_REV_CHAP_NAME:
-		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN, "%s\n",
-			      mchap_name);
+		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+			     mchap_name);
 		break;
 	case ISCSI_BOOT_TGT_REV_CHAP_SECRET:
-		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_PWD_MAX_LEN, "%s\n",
-			      mchap_secret);
+		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+			     mchap_secret);
 		break;
 	case ISCSI_BOOT_TGT_FLAGS:
 		rc = snprintf(str, 3, "%hhd\n", SYSFS_FLAG_FW_SEL_BOOT);
-- 
1.8.3.1

[PATCH v3 2/2] qedi: Cleanup local str variable

[Nilesh Javali]

Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>
---
 drivers/scsi/qedi/qedi_main.c | 43 ++++++++++++++++++++-----------------------
 1 file changed, 20 insertions(+), 23 deletions(-)

diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index deaed93..47c45a5 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1735,7 +1735,6 @@ static ssize_t qedi_show_boot_eth_info(void *data, int type, char *buf)
 {
 	struct qedi_ctx *qedi = data;
 	struct nvm_iscsi_initiator *initiator;
-	char *str = buf;
 	int rc = 1;
 	u32 ipv6_en, dhcp_en, ip_len;
 	struct nvm_iscsi_block *block;
@@ -1769,32 +1768,32 @@ static ssize_t qedi_show_boot_eth_info(void *data, int type, char *buf)
 
 	switch (type) {
 	case ISCSI_BOOT_ETH_IP_ADDR:
-		rc = snprintf(str, ip_len, fmt, ip);
+		rc = snprintf(buf, ip_len, fmt, ip);
 		break;
 	case ISCSI_BOOT_ETH_SUBNET_MASK:
-		rc = snprintf(str, ip_len, fmt, sub);
+		rc = snprintf(buf, ip_len, fmt, sub);
 		break;
 	case ISCSI_BOOT_ETH_GATEWAY:
-		rc = snprintf(str, ip_len, fmt, gw);
+		rc = snprintf(buf, ip_len, fmt, gw);
 		break;
 	case ISCSI_BOOT_ETH_FLAGS:
-		rc = snprintf(str, 3, "%hhd\n",
+		rc = snprintf(buf, 3, "%hhd\n",
 			      SYSFS_FLAG_FW_SEL_BOOT);
 		break;
 	case ISCSI_BOOT_ETH_INDEX:
-		rc = snprintf(str, 3, "0\n");
+		rc = snprintf(buf, 3, "0\n");
 		break;
 	case ISCSI_BOOT_ETH_MAC:
-		rc = sysfs_format_mac(str, qedi->mac, ETH_ALEN);
+		rc = sysfs_format_mac(buf, qedi->mac, ETH_ALEN);
 		break;
 	case ISCSI_BOOT_ETH_VLAN:
-		rc = snprintf(str, 12, "%d\n",
+		rc = snprintf(buf, 12, "%d\n",
 			      GET_FIELD2(initiator->generic_cont0,
 					 NVM_ISCSI_CFG_INITIATOR_VLAN));
 		break;
 	case ISCSI_BOOT_ETH_ORIGIN:
 		if (dhcp_en)
-			rc = snprintf(str, 3, "3\n");
+			rc = snprintf(buf, 3, "3\n");
 		break;
 	default:
 		rc = 0;
@@ -1830,7 +1829,6 @@ static ssize_t qedi_show_boot_ini_info(void *data, int type, char *buf)
 {
 	struct qedi_ctx *qedi = data;
 	struct nvm_iscsi_initiator *initiator;
-	char *str = buf;
 	int rc;
 	struct nvm_iscsi_block *block;
 
@@ -1842,7 +1840,7 @@ static ssize_t qedi_show_boot_ini_info(void *data, int type, char *buf)
 
 	switch (type) {
 	case ISCSI_BOOT_INI_INITIATOR_NAME:
-		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
+		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
 			     initiator->initiator_name.byte);
 		break;
 	default:
@@ -1871,7 +1869,6 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
 qedi_show_boot_tgt_info(struct qedi_ctx *qedi, int type,
 			char *buf, enum qedi_nvm_tgts idx)
 {
-	char *str = buf;
 	int rc = 1;
 	u32 ctrl_flags, ipv6_en, chap_en, mchap_en, ip_len;
 	struct nvm_iscsi_block *block;
@@ -1910,48 +1907,48 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
 
 	switch (type) {
 	case ISCSI_BOOT_TGT_NAME:
-		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
+		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
 			     block->target[idx].target_name.byte);
 		break;
 	case ISCSI_BOOT_TGT_IP_ADDR:
 		if (ipv6_en)
-			rc = snprintf(str, ip_len, "%pI6\n",
+			rc = snprintf(buf, ip_len, "%pI6\n",
 				      block->target[idx].ipv6_addr.byte);
 		else
-			rc = snprintf(str, ip_len, "%pI4\n",
+			rc = snprintf(buf, ip_len, "%pI4\n",
 				      block->target[idx].ipv4_addr.byte);
 		break;
 	case ISCSI_BOOT_TGT_PORT:
-		rc = snprintf(str, 12, "%d\n",
+		rc = snprintf(buf, 12, "%d\n",
 			      GET_FIELD2(block->target[idx].generic_cont0,
 					 NVM_ISCSI_CFG_TARGET_TCP_PORT));
 		break;
 	case ISCSI_BOOT_TGT_LUN:
-		rc = snprintf(str, 22, "%.*d\n",
+		rc = snprintf(buf, 22, "%.*d\n",
 			      block->target[idx].lun.value[1],
 			      block->target[idx].lun.value[0]);
 		break;
 	case ISCSI_BOOT_TGT_CHAP_NAME:
-		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
 			     chap_name);
 		break;
 	case ISCSI_BOOT_TGT_CHAP_SECRET:
-		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
 			     chap_secret);
 		break;
 	case ISCSI_BOOT_TGT_REV_CHAP_NAME:
-		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
 			     mchap_name);
 		break;
 	case ISCSI_BOOT_TGT_REV_CHAP_SECRET:
-		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
+		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
 			     mchap_secret);
 		break;
 	case ISCSI_BOOT_TGT_FLAGS:
-		rc = snprintf(str, 3, "%hhd\n", SYSFS_FLAG_FW_SEL_BOOT);
+		rc = snprintf(buf, 3, "%hhd\n", SYSFS_FLAG_FW_SEL_BOOT);
 		break;
 	case ISCSI_BOOT_TGT_NIC_ASSOC:
-		rc = snprintf(str, 3, "0\n");
+		rc = snprintf(buf, 3, "0\n");
 		break;
 	default:
 		rc = 0;
-- 
1.8.3.1

Re: [PATCH v3 1/2] qedi: Fix truncation of CHAP name and secret

[Bart Van Assche]

On 02/07/18 08:12, Nilesh Javali wrote:
> The data in NVRAM is not guaranteed to be NUL terminated.
> Since snprintf expects byte-stream to accommodate null byte,
> the CHAP secret is truncated.
> Use sprintf instead of snprintf to fix the truncation of
> CHAP name and secret.

Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>

Thanks for having addressed the review comments.

Bart.

Re: [PATCH v3 2/2] qedi: Cleanup local str variable

[Bart Van Assche]

On 02/07/18 08:12, Nilesh Javali wrote:
> Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>

Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>

Re: [PATCH v3 1/2] qedi: Fix truncation of CHAP name and secret

[Chris Leech]

On Wed, Feb 07, 2018 at 08:12:35AM -0800, Nilesh Javali wrote:
> From: Andrew Vasquez <andrew.vasquez@cavium.com>
> 
> The data in NVRAM is not guaranteed to be NUL terminated.
> Since snprintf expects byte-stream to accommodate null byte,
> the CHAP secret is truncated.
> Use sprintf instead of snprintf to fix the truncation of
> CHAP name and secret.
> 
> Signed-off-by: Andrew Vasquez <andrew.vasquez@cavium.com>
> Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>

Makes sense, limits the data copied out instead of the entire output
length and ensures that the newline and \0 are always in the output.

Signed-off-by: Chris Leech <cleech@redhat.com>

> ---
>  drivers/scsi/qedi/qedi_main.c | 24 ++++++++++++------------
>  1 file changed, 12 insertions(+), 12 deletions(-)
> 
> diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
> index 8808f0d..deaed93 100644
> --- a/drivers/scsi/qedi/qedi_main.c
> +++ b/drivers/scsi/qedi/qedi_main.c
> @@ -1842,8 +1842,8 @@ static ssize_t qedi_show_boot_ini_info(void *data, int type, char *buf)
>  
>  	switch (type) {
>  	case ISCSI_BOOT_INI_INITIATOR_NAME:
> -		rc = snprintf(str, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n",
> -			      initiator->initiator_name.byte);
> +		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
> +			     initiator->initiator_name.byte);
>  		break;
>  	default:
>  		rc = 0;
> @@ -1910,8 +1910,8 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
>  
>  	switch (type) {
>  	case ISCSI_BOOT_TGT_NAME:
> -		rc = snprintf(str, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n",
> -			      block->target[idx].target_name.byte);
> +		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
> +			     block->target[idx].target_name.byte);
>  		break;
>  	case ISCSI_BOOT_TGT_IP_ADDR:
>  		if (ipv6_en)
> @@ -1932,20 +1932,20 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
>  			      block->target[idx].lun.value[0]);
>  		break;
>  	case ISCSI_BOOT_TGT_CHAP_NAME:
> -		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN, "%s\n",
> -			      chap_name);
> +		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +			     chap_name);
>  		break;
>  	case ISCSI_BOOT_TGT_CHAP_SECRET:
> -		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_PWD_MAX_LEN, "%s\n",
> -			      chap_secret);
> +		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +			     chap_secret);
>  		break;
>  	case ISCSI_BOOT_TGT_REV_CHAP_NAME:
> -		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN, "%s\n",
> -			      mchap_name);
> +		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +			     mchap_name);
>  		break;
>  	case ISCSI_BOOT_TGT_REV_CHAP_SECRET:
> -		rc = snprintf(str, NVM_ISCSI_CFG_CHAP_PWD_MAX_LEN, "%s\n",
> -			      mchap_secret);
> +		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +			     mchap_secret);
>  		break;
>  	case ISCSI_BOOT_TGT_FLAGS:
>  		rc = snprintf(str, 3, "%hhd\n", SYSFS_FLAG_FW_SEL_BOOT);
> -- 
> 1.8.3.1
> 

Re: [PATCH v3 2/2] qedi: Cleanup local str variable

[Chris Leech]

On Wed, Feb 07, 2018 at 08:12:36AM -0800, Nilesh Javali wrote:
> Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>

Signed-off-by: Chris Leech <cleech@redhat.com>

> ---
>  drivers/scsi/qedi/qedi_main.c | 43 ++++++++++++++++++++-----------------------
>  1 file changed, 20 insertions(+), 23 deletions(-)
> 
> diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
> index deaed93..47c45a5 100644
> --- a/drivers/scsi/qedi/qedi_main.c
> +++ b/drivers/scsi/qedi/qedi_main.c
> @@ -1735,7 +1735,6 @@ static ssize_t qedi_show_boot_eth_info(void *data, int type, char *buf)
>  {
>  	struct qedi_ctx *qedi = data;
>  	struct nvm_iscsi_initiator *initiator;
> -	char *str = buf;
>  	int rc = 1;
>  	u32 ipv6_en, dhcp_en, ip_len;
>  	struct nvm_iscsi_block *block;
> @@ -1769,32 +1768,32 @@ static ssize_t qedi_show_boot_eth_info(void *data, int type, char *buf)
>  
>  	switch (type) {
>  	case ISCSI_BOOT_ETH_IP_ADDR:
> -		rc = snprintf(str, ip_len, fmt, ip);
> +		rc = snprintf(buf, ip_len, fmt, ip);
>  		break;
>  	case ISCSI_BOOT_ETH_SUBNET_MASK:
> -		rc = snprintf(str, ip_len, fmt, sub);
> +		rc = snprintf(buf, ip_len, fmt, sub);
>  		break;
>  	case ISCSI_BOOT_ETH_GATEWAY:
> -		rc = snprintf(str, ip_len, fmt, gw);
> +		rc = snprintf(buf, ip_len, fmt, gw);
>  		break;
>  	case ISCSI_BOOT_ETH_FLAGS:
> -		rc = snprintf(str, 3, "%hhd\n",
> +		rc = snprintf(buf, 3, "%hhd\n",
>  			      SYSFS_FLAG_FW_SEL_BOOT);
>  		break;
>  	case ISCSI_BOOT_ETH_INDEX:
> -		rc = snprintf(str, 3, "0\n");
> +		rc = snprintf(buf, 3, "0\n");
>  		break;
>  	case ISCSI_BOOT_ETH_MAC:
> -		rc = sysfs_format_mac(str, qedi->mac, ETH_ALEN);
> +		rc = sysfs_format_mac(buf, qedi->mac, ETH_ALEN);
>  		break;
>  	case ISCSI_BOOT_ETH_VLAN:
> -		rc = snprintf(str, 12, "%d\n",
> +		rc = snprintf(buf, 12, "%d\n",
>  			      GET_FIELD2(initiator->generic_cont0,
>  					 NVM_ISCSI_CFG_INITIATOR_VLAN));
>  		break;
>  	case ISCSI_BOOT_ETH_ORIGIN:
>  		if (dhcp_en)
> -			rc = snprintf(str, 3, "3\n");
> +			rc = snprintf(buf, 3, "3\n");
>  		break;
>  	default:
>  		rc = 0;
> @@ -1830,7 +1829,6 @@ static ssize_t qedi_show_boot_ini_info(void *data, int type, char *buf)
>  {
>  	struct qedi_ctx *qedi = data;
>  	struct nvm_iscsi_initiator *initiator;
> -	char *str = buf;
>  	int rc;
>  	struct nvm_iscsi_block *block;
>  
> @@ -1842,7 +1840,7 @@ static ssize_t qedi_show_boot_ini_info(void *data, int type, char *buf)
>  
>  	switch (type) {
>  	case ISCSI_BOOT_INI_INITIATOR_NAME:
> -		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
> +		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
>  			     initiator->initiator_name.byte);
>  		break;
>  	default:
> @@ -1871,7 +1869,6 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
>  qedi_show_boot_tgt_info(struct qedi_ctx *qedi, int type,
>  			char *buf, enum qedi_nvm_tgts idx)
>  {
> -	char *str = buf;
>  	int rc = 1;
>  	u32 ctrl_flags, ipv6_en, chap_en, mchap_en, ip_len;
>  	struct nvm_iscsi_block *block;
> @@ -1910,48 +1907,48 @@ static umode_t qedi_ini_get_attr_visibility(void *data, int type)
>  
>  	switch (type) {
>  	case ISCSI_BOOT_TGT_NAME:
> -		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
> +		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
>  			     block->target[idx].target_name.byte);
>  		break;
>  	case ISCSI_BOOT_TGT_IP_ADDR:
>  		if (ipv6_en)
> -			rc = snprintf(str, ip_len, "%pI6\n",
> +			rc = snprintf(buf, ip_len, "%pI6\n",
>  				      block->target[idx].ipv6_addr.byte);
>  		else
> -			rc = snprintf(str, ip_len, "%pI4\n",
> +			rc = snprintf(buf, ip_len, "%pI4\n",
>  				      block->target[idx].ipv4_addr.byte);
>  		break;
>  	case ISCSI_BOOT_TGT_PORT:
> -		rc = snprintf(str, 12, "%d\n",
> +		rc = snprintf(buf, 12, "%d\n",
>  			      GET_FIELD2(block->target[idx].generic_cont0,
>  					 NVM_ISCSI_CFG_TARGET_TCP_PORT));
>  		break;
>  	case ISCSI_BOOT_TGT_LUN:
> -		rc = snprintf(str, 22, "%.*d\n",
> +		rc = snprintf(buf, 22, "%.*d\n",
>  			      block->target[idx].lun.value[1],
>  			      block->target[idx].lun.value[0]);
>  		break;
>  	case ISCSI_BOOT_TGT_CHAP_NAME:
> -		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
>  			     chap_name);
>  		break;
>  	case ISCSI_BOOT_TGT_CHAP_SECRET:
> -		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
>  			     chap_secret);
>  		break;
>  	case ISCSI_BOOT_TGT_REV_CHAP_NAME:
> -		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
>  			     mchap_name);
>  		break;
>  	case ISCSI_BOOT_TGT_REV_CHAP_SECRET:
> -		rc = sprintf(str, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
> +		rc = sprintf(buf, "%.*s\n", NVM_ISCSI_CFG_CHAP_NAME_MAX_LEN,
>  			     mchap_secret);
>  		break;
>  	case ISCSI_BOOT_TGT_FLAGS:
> -		rc = snprintf(str, 3, "%hhd\n", SYSFS_FLAG_FW_SEL_BOOT);
> +		rc = snprintf(buf, 3, "%hhd\n", SYSFS_FLAG_FW_SEL_BOOT);
>  		break;
>  	case ISCSI_BOOT_TGT_NIC_ASSOC:
> -		rc = snprintf(str, 3, "0\n");
> +		rc = snprintf(buf, 3, "0\n");
>  		break;
>  	default:
>  		rc = 0;
> -- 
> 1.8.3.1
> 

Re: [PATCH v3 1/2] qedi: Fix truncation of CHAP name and secret

[Lee Duncan]

On 02/07/2018 08:12 AM, Nilesh Javali wrote:
> From: Andrew Vasquez <andrew.vasquez@cavium.com>
> 
> The data in NVRAM is not guaranteed to be NUL terminated.
> Since snprintf expects byte-stream to accommodate null byte,
> the CHAP secret is truncated.
> Use sprintf instead of snprintf to fix the truncation of
> CHAP name and secret.
> 
> Signed-off-by: Andrew Vasquez <andrew.vasquez@cavium.com>
> Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>
> ---
>  drivers/scsi/qedi/qedi_main.c | 24 ++++++++++++------------
>  1 file changed, 12 insertions(+), 12 deletions(-)
> 
> ...

Signed-off-by: Lee Duncan <lduncan@suse.com>

-- 
Lee Duncan

Re: [PATCH v3 2/2] qedi: Cleanup local str variable

[Lee Duncan]

On 02/07/2018 08:12 AM, Nilesh Javali wrote:
> Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>
> ---
>  drivers/scsi/qedi/qedi_main.c | 43 ++++++++++++++++++++-----------------------
>  1 file changed, 20 insertions(+), 23 deletions(-)
> 
> diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
> ...

Signed-off-by: Lee Duncan <lduncan@suse.com>
-- 
Lee Duncan
SUSE Labs

Re: [PATCH v3 0/2] Code cleanup and bug fix for truncated CHAP name and secret

[Martin K. Petersen]

Nilesh,

> Please consider below patch set for next 'scsi-fixes' submission.

Applied to 4.16/scsi-fixes. Thank you!

-- 
Martin K. Petersen	Oracle Linux Engineering