Commit 73b0eecd authored by Breno Leitao's avatar Breno Leitao Committed by Greg Kroah-Hartman

scsi: ibmvscsi: Improve strings handling

[ Upstream commit 1262dc09 ]

Currently an open firmware property is copied into partition_name variable
without keeping a room for \0.

Later one, this variable (partition_name), which is 97 bytes long, is
strncpyed into ibmvcsci_host_data->madapter_info->partition_name, which is
96 bytes long, possibly truncating it 'again' and removing the \0.

This patch simply decreases the partition name to 96 and just copy using
strlcpy() which guarantees that the string is \0 terminated. I think there
is no issue if this there is a truncation in this very first copy, i.e,
when the open firmware property is read and copied into the driver for the
very first time;

This issue also causes the following warning on GCC 8:

	drivers/scsi/ibmvscsi/ibmvscsi.c:281:2: warning:  strncpy  output may be truncated copying 96 bytes from a string of length 96 [-Wstringop-truncation]
	...
	inlined from  ibmvscsi_probe  at drivers/scsi/ibmvscsi/ibmvscsi.c:2221:7:
	drivers/scsi/ibmvscsi/ibmvscsi.c:265:3: warning:  strncpy  specified bound 97 equals destination size [-Wstringop-truncation]

CC: Bart Van Assche <bart.vanassche@wdc.com>
CC: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: default avatarBreno Leitao <leitao@debian.org>
Acked-by: default avatarTyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: default avatarSasha Levin <alexander.levin@microsoft.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 4e6c6a4f
...@@ -93,7 +93,7 @@ static int max_requests = IBMVSCSI_MAX_REQUESTS_DEFAULT; ...@@ -93,7 +93,7 @@ static int max_requests = IBMVSCSI_MAX_REQUESTS_DEFAULT;
static int max_events = IBMVSCSI_MAX_REQUESTS_DEFAULT + 2; static int max_events = IBMVSCSI_MAX_REQUESTS_DEFAULT + 2;
static int fast_fail = 1; static int fast_fail = 1;
static int client_reserve = 1; static int client_reserve = 1;
static char partition_name[97] = "UNKNOWN"; static char partition_name[96] = "UNKNOWN";
static unsigned int partition_number = -1; static unsigned int partition_number = -1;
static struct scsi_transport_template *ibmvscsi_transport_template; static struct scsi_transport_template *ibmvscsi_transport_template;
...@@ -261,7 +261,7 @@ static void gather_partition_info(void) ...@@ -261,7 +261,7 @@ static void gather_partition_info(void)
ppartition_name = of_get_property(rootdn, "ibm,partition-name", NULL); ppartition_name = of_get_property(rootdn, "ibm,partition-name", NULL);
if (ppartition_name) if (ppartition_name)
strncpy(partition_name, ppartition_name, strlcpy(partition_name, ppartition_name,
sizeof(partition_name)); sizeof(partition_name));
p_number_ptr = of_get_property(rootdn, "ibm,partition-no", NULL); p_number_ptr = of_get_property(rootdn, "ibm,partition-no", NULL);
if (p_number_ptr) if (p_number_ptr)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment