Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1371653imm; Tue, 2 Oct 2018 07:14:13 -0700 (PDT) X-Google-Smtp-Source: ACcGV62yEbm8FUAm0NcEz4F56S+TXTjXCvWUv70SQoKqMbQYebkMqDniMkFlJpk4okzJkKc280b3 X-Received: by 2002:a17:902:5a0f:: with SMTP id q15-v6mr17139641pli.253.1538489652996; Tue, 02 Oct 2018 07:14:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538489652; cv=none; d=google.com; s=arc-20160816; b=IovuQaTuCr+le5Lw/gzMwNtUkVs1dIh5mGHkqlSJy+1FE2rohbGi+QNqVs8mTI4ZdK X1piucwNuWb5buVYSrwQAKJjscfO2f2Uz5zPRVRdK+1myQwQJcvXZyuEAIc0utYKp6vJ 9Cy3FpkjL9zX68hXTYJh5zxeTo1/lR/MtfY1GmkelxWWFaFTZ7bIUeK5qpVOfnmZzG+x MSTHzkL7wt1M/rc0+Mcp8Fm+j5i0mxwjO9Lbj2jSXg+KHzM/b3zxfBPjRxhiouZMAEa+ KeAlSYESjp6SNeC1jfZtxbNE1qDHt+oPukDUTS6a10BvTFbBDAImOWITi0/9YFMB5GOw CtEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=eMpkhATaq9XW0d8q+EmxCcsVRL3YirUrE4PHXhJFzCI=; b=GGhYXk2mEnsDe6y7rRN12spf1zk6u3bnbnJBGBH36Odm5ir8So9rj8sjNA6aDCVuu9 ZqDjb9WNMgUBYAVXd/v5dQyzWmm5gSMGsijYNN3iOFxaAev+z0QHbcfj/K9Q6ROBim7o Ptx0LyiphY3ugeFxYSdSjlaHtbXjQIWhlGqyB5+SLOujKj/PlD7rRTq/PtjmaKqD57sp b2xsqM9YbokS7SR/Ge4vIOEGqcH4CTSCPr6GOXFqQPQHf3L0aY+1N/3qSe5Y+fhdKi/k a+g+qfXWrMBhRyhAxmh6tul60+KUpsxKVHe14gaHnEP0j9CJDi8XQD+NwAofQB2eFSG0 00iw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f5-v6si17270413plf.411.2018.10.02.07.13.58; Tue, 02 Oct 2018 07:14:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728347AbeJBUKf (ORCPT + 99 others); Tue, 2 Oct 2018 16:10:35 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:60184 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728299AbeJBUKe (ORCPT ); Tue, 2 Oct 2018 16:10:34 -0400 Received: from localhost (24-104-73-23-ip-static.hfc.comcastbusiness.net [24.104.73.23]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 2ADECC11; Tue, 2 Oct 2018 13:27:13 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Bart Van Assche , Tyrel Datwyler , Breno Leitao , "Martin K. Petersen" , Sasha Levin Subject: [PATCH 4.18 048/228] scsi: ibmvscsi: Improve strings handling Date: Tue, 2 Oct 2018 06:22:25 -0700 Message-Id: <20181002132502.406738899@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002132459.032960735@linuxfoundation.org> References: <20181002132459.032960735@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Breno Leitao [ Upstream commit 1262dc09dc9ae7bf4ad00b6a2c5ed6a6936bcd10 ] Currently an open firmware property is copied into partition_name variable without keeping a room for \0. Later one, this variable (partition_name), which is 97 bytes long, is strncpyed into ibmvcsci_host_data->madapter_info->partition_name, which is 96 bytes long, possibly truncating it 'again' and removing the \0. This patch simply decreases the partition name to 96 and just copy using strlcpy() which guarantees that the string is \0 terminated. I think there is no issue if this there is a truncation in this very first copy, i.e, when the open firmware property is read and copied into the driver for the very first time; This issue also causes the following warning on GCC 8: drivers/scsi/ibmvscsi/ibmvscsi.c:281:2: warning: strncpy output may be truncated copying 96 bytes from a string of length 96 [-Wstringop-truncation] ... inlined from ibmvscsi_probe at drivers/scsi/ibmvscsi/ibmvscsi.c:2221:7: drivers/scsi/ibmvscsi/ibmvscsi.c:265:3: warning: strncpy specified bound 97 equals destination size [-Wstringop-truncation] CC: Bart Van Assche CC: Tyrel Datwyler Signed-off-by: Breno Leitao Acked-by: Tyrel Datwyler Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/ibmvscsi/ibmvscsi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/scsi/ibmvscsi/ibmvscsi.c +++ b/drivers/scsi/ibmvscsi/ibmvscsi.c @@ -93,7 +93,7 @@ static int max_requests = IBMVSCSI_MAX_R static int max_events = IBMVSCSI_MAX_REQUESTS_DEFAULT + 2; static int fast_fail = 1; static int client_reserve = 1; -static char partition_name[97] = "UNKNOWN"; +static char partition_name[96] = "UNKNOWN"; static unsigned int partition_number = -1; static LIST_HEAD(ibmvscsi_head); @@ -262,7 +262,7 @@ static void gather_partition_info(void) ppartition_name = of_get_property(of_root, "ibm,partition-name", NULL); if (ppartition_name) - strncpy(partition_name, ppartition_name, + strlcpy(partition_name, ppartition_name, sizeof(partition_name)); p_number_ptr = of_get_property(of_root, "ibm,partition-no", NULL); if (p_number_ptr)