From: Valentina Goncharenko
To: Anil Gurumurthy
Cc: Valentina Goncharenko, Sudarsana Kalluru, "James E.J. Bottomley", "Martin K. Petersen", Krishna Gudipati, James Bottomley, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org
Subject: [PATCH] scsi: bfa: Harden loop checks in bfad_iocmd_ioc_get_info()
Date: Tue, 12 Jul 2022 14:39:13 +0300
Message-Id: <20220712113913.350385-1-goncharenko.vp@ispras.ru>

Loop conditions 'i < BFA_STRING_32' in bfad_iocmd_ioc_get_info() do not prevent buffer overflow while writing data to 'iocmd->adapter_hwpath[i]' after the loop because on incorrect data 'i' can be incremented anyway. The patch hardens the loop conditions to avoid buffer overflow in case of invalid data, while it does not affect the processing of valid 'adapter_hwpath'.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: e6826c96ced7 ("[SCSI] bfa: Add support to read/update the FRU data.")
Signed-off-by: Valentina Goncharenko

--- drivers/scsi/bfa/bfad_bsg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c index be8dfbe13e90..73ef29c83262 100644 --- a/drivers/scsi/bfa/bfad_bsg.c +++ b/drivers/scsi/bfa/bfad_bsg.c
@@ -98,9 +98,9 @@ bfad_iocmd_ioc_get_info(struct bfad_s *bfad, void *cmd) /* set adapter hw path */ strcpy(iocmd->adapter_hwpath, bfad->pci_name); - for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32; i++) + for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32 - 2; i++) ; - for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32; ) + for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32 - 1; ) ; iocmd->adapter_hwpath[i] = '\0'; iocmd->status = BFA_STATUS_OK; -- 2.25.1
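
Review bot: In both rewritten loop conditions the array read still comes before the bound test ('iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32 - 2', and the same shape with '++i' in the second loop), so staying in range depends entirely on the '- 2' and '- 1' offsets, which nothing in the code explains. Assuming adapter_hwpath holds BFA_STRING_32 bytes, as the commit message implies, the indices do work out: the first loop leaves i at most BFA_STRING_32 - 2, the pre-increment in the second loop raises it to at most BFA_STRING_32 - 1, and the final write of '\0' lands on the last element. I would put the bound test first in each condition and add a short comment saying why the two limits differ. Neither loop tests for '\0', so for a name with fewer than two ':' the scan runs past the end of the copied string up to the limit. The unchanged strcpy() from bfad->pci_name just above is itself unbounded, so the new limits only help if that copy already fit in the buffer.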