Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2738685rwb;
        Fri, 2 Dec 2022 14:25:27 -0800 (PST)
X-Google-Smtp-Source: AA0mqf4LbxifLsNtEupat5DcqlWyId96g3vIhQ7grm+ByQCDIyrsdhmuX9izRIIDHrLcW54HfjHF
X-Received: by 2002:a17:906:8513:b0:7c0:a361:bf46 with SMTP id i19-20020a170906851300b007c0a361bf46mr11327362ejx.225.1670019926990;
        Fri, 02 Dec 2022 14:25:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1670019926; cv=none;
        d=google.com; s=arc-20160816;
        b=uqPJM/4Wzoy3RJwm9IuQTUa7zdWN7q2+3WA8Ma3ojgOj0cqlPLgrMqZ3GWyoEhrMpX
         0BkhCN40uSfQHBsigPTuhi1MRYGcQbybIDWUqrtMV4NqpezTHZ5Yqihh1raUVMtZNlb8
         AtDBrzU5OiMg66tMidmu1C/8hxOESaX26t4Nzm+d/OMpK/QGbjxw+SlO+ZZKlebuczvz
         KgQGBqxMK22c+d1rf1i4crzMfpaxokrbJNtRkoJW/6JH3AKquNHAF/U++H8r8lEQddhe
         kIo6+YT4yhJ6C0Y7JMFNLb1UtKi51DbDbCf2JSDFw5uKEb8RnQk9d9lLqD0YsKzQBD3y
         yDxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=f0ZTUEC33vMmWrv+YpEHxlPUhXNCoY5kgxe+kHm6BUg=;
        b=efrRl3qE7vq9UKiLhmBnEvAtJJieXtjkARVcaFNfWoTOQLS2iOWdD8tXmraGp+aemQ
         aceLHTRUt1EKTDfMfNUzz/zI2Ace+UmL/7BHtxaMHkS3qWu7cT8gojAn7QAK6dieplKA
         5+NEigZTYoCAsuLvYhUmaS011JzxlUiiOLqbHzWGe1WHte7jEOjiI73ayUbYw9FX5/q2
         F7BqItY0/vh2So1eM9CiPdnhxD6UdUSpBPKL9fRNVO7wdXgvULbwa3x/tbiVxg1ITWuo
         0uCiKJW7ZR8TSbSqD5JN1AHeBXFaQTP0IAgeigQUYYvf7HIp8ms4sraIeS201OSP62Ym
         biqA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id mp27-20020a1709071b1b00b00781c1645926si7361418ejc.524.2022.12.02.14.25.07;
        Fri, 02 Dec 2022 14:25:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234702AbiLBVqU (ORCPT <rfc822;2bno13@gmail.com> + 82 others);
        Fri, 2 Dec 2022 16:46:20 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32778 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233548AbiLBVqS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 2 Dec 2022 16:46:18 -0500
Received: from gw.red-soft.ru (red-soft.ru [188.246.186.2])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 574FCEF897
        for <linux-kernel@vger.kernel.org>; Fri,  2 Dec 2022 13:46:16 -0800 (PST)
Received: from localhost.biz (unknown [10.81.81.211])
        by gw.red-soft.ru (Postfix) with ESMTPA id 987BC3E4AD7;
        Sat,  3 Dec 2022 00:46:13 +0300 (MSK)
From:   Artem Chernyshev <artem.chernyshev@red-soft.ru>
To:     "James E.J. Bottomley" <jejb@linux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>
Cc:     Artem Chernyshev <artem.chernyshev@red-soft.ru>,
        Saurav Kashyap <skashyap@marvell.com>,
        Javed Hasan <jhasan@marvell.com>, linux-scsi@vger.kernel.org,
        linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Subject: [PATCH] scsi: qedf: Fix possible buffer overflow
Date:   Sat,  3 Dec 2022 00:46:07 +0300
Message-Id: <20221202214608.3784761-1-artem.chernyshev@red-soft.ru>
X-Mailer: git-send-email 2.30.3
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Lua-Profiles: 173907 [Dec 02 2022]
X-KLMS-AntiSpam-Version: 5.9.59.0
X-KLMS-AntiSpam-Envelope-From: artem.chernyshev@red-soft.ru
X-KLMS-AntiSpam-Rate: 0
X-KLMS-AntiSpam-Status: not_detected
X-KLMS-AntiSpam-Method: none
X-KLMS-AntiSpam-Auth: dkim=none
X-KLMS-AntiSpam-Info: LuaCore: 502 502 69dee8ef46717dd3cb3eeb129cb7cc8dab9e30f6, {Tracking_from_domain_doesnt_match_to}, 127.0.0.199:7.1.2;d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;localhost.biz:7.1.1;red-soft.ru:7.1.1
X-MS-Exchange-Organization-SCL: -1
X-KLMS-AntiSpam-Interceptor-Info: scan successful
X-KLMS-AntiPhishing: Clean, bases: 2022/12/02 17:58:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/12/02 19:57:00 #20639455
X-KLMS-AntiVirus-Status: Clean, skipped
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In __qedf_probe() it is possible to overflow buffer host_buf[20]
and form non terminated string as result of passing large enough
(10 digits) number what gives us string of length 21 in sprintf()
function

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
---
 drivers/scsi/qedf/qedf_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c
index e045c6e25090..bab54fa07dfc 100644
--- a/drivers/scsi/qedf/qedf_main.c
+++ b/drivers/scsi/qedf/qedf_main.c
@@ -3287,7 +3287,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode)
 	struct Scsi_Host *host;
 	bool is_vf = false;
 	struct qed_ll2_params params;
-	char host_buf[20];
+	char host_buf[21];
 	struct qed_link_params link_params;
 	int status;
 	void *task_start, *task_end;
-- 
2.30.3