From: Jes Sorensen <jes@trained-monkey.org>
To: Nigel Croxon <ncroxon@redhat.com>,
mariusz.tkaczyk@linux.intel.com, neilb@suse.de, xni@redhat.com,
linux-raid@vger.kernel.org, gal.ofri@volumez.com
Subject: Re: [PATCH V5] Fix buffer size warning for strcpy
Date: Fri, 8 Oct 2021 11:46:19 -0400 [thread overview]
Message-ID: <67e9fee9-e75f-8f94-6f7b-994f7ed86bff@trained-monkey.org> (raw)
In-Reply-To: <20210825153014.2780505-1-ncroxon@redhat.com>
On 8/25/21 11:30 AM, Nigel Croxon wrote:
> To meet requirements of Common Criteria certification vulnerability
> assessment. Static code analysis has been run and found the following
> error:
> buffer_size_warning: Calling "strncpy" with a maximum size
> argument of 16 bytes on destination array "ve->name" of
> size 16 bytes might leave the destination string unterminated.
> https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html
>
> The change is to make the destination size to fit the allocated size.
>
> V5:
> Simplify the the strnlen call.
>
> V4:
> Code cleanup of the interim "if" statement.
>
> V3: Doc change only:
> The code change from filling ve->name with spaces to filling it with
> null-terminated is to comform to the SNIA - Common RAID Disk Data
> Format Specification. The format for VD_Name (ve->name) specifies
> the field to be either ASCII or UNICODE. Bit 2 of the VD_Type field
> MUST be used to determine the Unicode or ASCII format of this field.
> If this field is not used, all bytes MUST be set to zero.
>
> V2: Change from zero-terminated to zero-padded on memset and
> change from using strncpy to memcpy, feedback from Neil Brown.
>
> Tested-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
> Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
> ---
> super-ddf.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
Applied!
Thanks
Jes
prev parent reply other threads:[~2021-10-08 15:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-25 15:30 [PATCH V5] Fix buffer size warning for strcpy Nigel Croxon
2021-08-25 15:37 ` Tkaczyk, Mariusz
2021-10-08 15:46 ` Jes Sorensen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67e9fee9-e75f-8f94-6f7b-994f7ed86bff@trained-monkey.org \
--to=jes@trained-monkey.org \
--cc=gal.ofri@volumez.com \
--cc=linux-raid@vger.kernel.org \
--cc=mariusz.tkaczyk@linux.intel.com \
--cc=ncroxon@redhat.com \
--cc=neilb@suse.de \
--cc=xni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).