LinuxLists.cc - [PATCH] scsi: ibmvscsis: Ensure partition name is properly NUL terminated

2018-09-11 18:17:18

Subject: [PATCH] scsi: ibmvscsis: Ensure partition name is properly NUL terminated

While reviewing another part of the code, Kees noticed that the
strncpy of the partition name might not always be NUL terminated. Switch
to using strlcpy which does this safely.

Reported-by: Kees Cook <[email protected]>
Signed-off-by: Laura Abbott <[email protected]>
---
I realized looking at this that I probably should have made
this and my previous patch a series given this has context depending on
the other patch. I can resend if the scsi maintainers want.
---
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
index 9305440a00a1..1217bf2a28db 100644
--- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
+++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
@@ -3477,7 +3477,7 @@ static int ibmvscsis_probe(struct vio_dev *vdev,
snprintf(vscsi->eye, sizeof(vscsi->eye), "VSCSI%s", vdev->name);

vscsi->dds.unit_id = vdev->unit_address;
- strncpy(vscsi->dds.partition_name, partition_name,
+ strlcpy(vscsi->dds.partition_name, partition_name,
sizeof(vscsi->dds.partition_name));
vscsi->dds.partition_num = partition_number;

--
2.17.1

2018-09-11 18:27:12

by Kees Cook

[permalink] [raw]

Subject: Re: [PATCH] scsi: ibmvscsis: Ensure partition name is properly NUL terminated

On Tue, Sep 11, 2018 at 11:15 AM, Laura Abbott <[email protected]> wrote:
> While reviewing another part of the code, Kees noticed that the
> strncpy of the partition name might not always be NUL terminated. Switch
> to using strlcpy which does this safely.
>
> Reported-by: Kees Cook <[email protected]>
> Signed-off-by: Laura Abbott <[email protected]>
> ---
> I realized looking at this that I probably should have made
> this and my previous patch a series given this has context depending on
> the other patch. I can resend if the scsi maintainers want.
> ---
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
> index 9305440a00a1..1217bf2a28db 100644
> --- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
> +++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
> @@ -3477,7 +3477,7 @@ static int ibmvscsis_probe(struct vio_dev *vdev,
> snprintf(vscsi->eye, sizeof(vscsi->eye), "VSCSI%s", vdev->name);
>
> vscsi->dds.unit_id = vdev->unit_address;
> - strncpy(vscsi->dds.partition_name, partition_name,
> + strlcpy(vscsi->dds.partition_name, partition_name,

Please use strscpy() in favor of strlcpy().

-Kees

> sizeof(vscsi->dds.partition_name));
> vscsi->dds.partition_num = partition_number;
>
> --
> 2.17.1
>

--
Kees Cook
Pixel Security