From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Breno Leitao <leitao@debian.org>,
Bart Van Assche <bart.vanassche@wdc.com>,
Tyrel Datwyler <tyreld@linux.vnet.ibm.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.4 19/43] scsi: ibmvscsi: Improve strings handling
Date: Mon, 17 Sep 2018 03:05:00 +0000 [thread overview]
Message-ID: <20180917030445.484-19-alexander.levin@microsoft.com> (raw)
In-Reply-To: <20180917030445.484-1-alexander.levin@microsoft.com>
From: Breno Leitao <leitao@debian.org>
[ Upstream commit 1262dc09dc9ae7bf4ad00b6a2c5ed6a6936bcd10 ]
Currently an open firmware property is copied into partition_name variable
without keeping a room for \0.
Later one, this variable (partition_name), which is 97 bytes long, is
strncpyed into ibmvcsci_host_data->madapter_info->partition_name, which is
96 bytes long, possibly truncating it 'again' and removing the \0.
This patch simply decreases the partition name to 96 and just copy using
strlcpy() which guarantees that the string is \0 terminated. I think there
is no issue if this there is a truncation in this very first copy, i.e,
when the open firmware property is read and copied into the driver for the
very first time;
This issue also causes the following warning on GCC 8:
drivers/scsi/ibmvscsi/ibmvscsi.c:281:2: warning: strncpy output may be truncated copying 96 bytes from a string of length 96 [-Wstringop-truncation]
...
inlined from ibmvscsi_probe at drivers/scsi/ibmvscsi/ibmvscsi.c:2221:7:
drivers/scsi/ibmvscsi/ibmvscsi.c:265:3: warning: strncpy specified bound 97 equals destination size [-Wstringop-truncation]
CC: Bart Van Assche <bart.vanassche@wdc.com>
CC: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/scsi/ibmvscsi/ibmvscsi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/ibmvscsi/ibmvscsi.c b/drivers/scsi/ibmvscsi/ibmvscsi.c
index adfef9db6f1e..e26747a1b35a 100644
--- a/drivers/scsi/ibmvscsi/ibmvscsi.c
+++ b/drivers/scsi/ibmvscsi/ibmvscsi.c
@@ -93,7 +93,7 @@ static int max_requests = IBMVSCSI_MAX_REQUESTS_DEFAULT;
static int max_events = IBMVSCSI_MAX_REQUESTS_DEFAULT + 2;
static int fast_fail = 1;
static int client_reserve = 1;
-static char partition_name[97] = "UNKNOWN";
+static char partition_name[96] = "UNKNOWN";
static unsigned int partition_number = -1;
static struct scsi_transport_template *ibmvscsi_transport_template;
@@ -261,7 +261,7 @@ static void gather_partition_info(void)
ppartition_name = of_get_property(rootdn, "ibm,partition-name", NULL);
if (ppartition_name)
- strncpy(partition_name, ppartition_name,
+ strlcpy(partition_name, ppartition_name,
sizeof(partition_name));
p_number_ptr = of_get_property(rootdn, "ibm,partition-no", NULL);
if (p_number_ptr)
--
2.17.1
next prev parent reply other threads:[~2018-09-17 3:07 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-17 3:04 [PATCH AUTOSEL 4.4 01/43] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 02/43] tsl2550: fix lux1_input error in low light Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 03/43] vmci: type promotion bug in qp_host_get_user_memory() Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 04/43] x86/numa_emulation: Fix emulated-to-physical node mapping Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 05/43] staging: rts5208: fix missing error check on call to rtsx_write_register Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 06/43] uwb: hwa-rc: fix memory leak at probe Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 07/43] power: vexpress: fix corruption in notifier registration Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 08/43] Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 10/43] 6lowpan: iphc: reset mac_header after decompress to fix panic Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 09/43] USB: serial: kobil_sct: fix modem-status error handling Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 12/43] media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 11/43] md-cluster: clear another node's suspend_area after the copy is finished Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 13/43] powerpc/kdump: Handle crashkernel memory reservation failure Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 14/43] media: fsl-viu: fix error handling in viu_of_probe() Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 15/43] x86/tsc: Add missing header to tsc_msr.c Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 16/43] x86/entry/64: Add two more instruction suffixes Sasha Levin
2018-09-17 3:04 ` [PATCH AUTOSEL 4.4 17/43] scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 18/43] scsi: klist: Make it safe to use klists in atomic context Sasha Levin
2018-09-17 3:05 ` Sasha Levin [this message]
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 20/43] usb: wusbcore: security: cast sizeof to int for comparison Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 21/43] powerpc/powernv/ioda2: Reduce upper limit for DMA window size Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 22/43] alarmtimer: Prevent overflow for relative nanosleep Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 24/43] ALSA: snd-aoa: add of_node_put() in error path Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 23/43] s390/extmem: fix gcc 8 stringop-overflow warning Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 25/43] media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 26/43] media: soc_camera: ov772x: correct setting of banding filter Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 28/43] staging: android: ashmem: Fix mmap size validation Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 27/43] media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 29/43] drivers/tty: add error handling for pcmcia_loop_config Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 31/43] ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 30/43] media: tm6000: add error handling for dvb_register_adapter Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 33/43] rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 32/43] ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 34/43] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 36/43] HID: hid-ntrig: add error handling for sysfs_create_group Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 35/43] ARM: mvebu: declare asm symbols as character arrays in pmsu.c Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 38/43] audit: Fix extended comparison of GID/EGID Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 37/43] scsi: bnx2i: add error handling for ioremap_nocache Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 39/43] EDAC, i7core: Fix memleaks and use-after-free on probe and remove Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 40/43] ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 42/43] nfsd: fix corrupted reply to badly ordered compound Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 41/43] module: exclude SHN_UNDEF symbols from kallsyms api Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 4.4 43/43] ARM: dts: dra7: fix DCAN node addresses Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180917030445.484-19-alexander.levin@microsoft.com \
--to=alexander.levin@microsoft.com \
--cc=bart.vanassche@wdc.com \
--cc=leitao@debian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=stable@vger.kernel.org \
--cc=tyreld@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).