tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

scsi: target: Replace all non-returning strlcpy() with strscpy()

strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1]. In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Link: https://lore.kernel.org/r/20230516025322.2804923-1-azeemshaikh38@gmail.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Azeem Shaikh and committed by
Martin K. Petersen 0871237a 973464fd

+12 -12
+2 -2
drivers/target/iscsi/iscsi_target_parameters.c
··· 726 726 } 727 727 INIT_LIST_HEAD(&extra_response->er_list); 728 728 729 - strlcpy(extra_response->key, key, sizeof(extra_response->key)); 730 - strlcpy(extra_response->value, NOTUNDERSTOOD, 729 + strscpy(extra_response->key, key, sizeof(extra_response->key)); 730 + strscpy(extra_response->value, NOTUNDERSTOOD, 731 731 sizeof(extra_response->value)); 732 732 733 733 list_add_tail(&extra_response->er_list,
+2 -2
drivers/target/iscsi/iscsi_target_util.c
··· 1321 1321 if (conn->param_list) 1322 1322 intrname = iscsi_find_param_from_key(INITIATORNAME, 1323 1323 conn->param_list); 1324 - strlcpy(ls->last_intr_fail_name, 1324 + strscpy(ls->last_intr_fail_name, 1325 1325 (intrname ? intrname->value : "Unknown"), 1326 1326 sizeof(ls->last_intr_fail_name)); 1327 1327 ··· 1360 1360 return; 1361 1361 1362 1362 spin_lock_bh(&tiqn->sess_err_stats.lock); 1363 - strlcpy(tiqn->sess_err_stats.last_sess_fail_rem_name, 1363 + strscpy(tiqn->sess_err_stats.last_sess_fail_rem_name, 1364 1364 sess->sess_ops->InitiatorName, 1365 1365 sizeof(tiqn->sess_err_stats.last_sess_fail_rem_name)); 1366 1366 tiqn->sess_err_stats.last_sess_failure_type =
+5 -5
drivers/target/target_core_configfs.c
··· 649 649 * here without potentially breaking existing setups, so continue to 650 650 * truncate one byte shorter than what can be carried in INQUIRY. 651 651 */ 652 - strlcpy(dev->t10_wwn.model, configname, INQUIRY_MODEL_LEN); 652 + strscpy(dev->t10_wwn.model, configname, INQUIRY_MODEL_LEN); 653 653 } 654 654 655 655 static ssize_t emulate_model_alias_store(struct config_item *item, ··· 675 675 if (flag) { 676 676 dev_set_t10_wwn_model_alias(dev); 677 677 } else { 678 - strlcpy(dev->t10_wwn.model, dev->transport->inquiry_prod, 678 + strscpy(dev->t10_wwn.model, dev->transport->inquiry_prod, 679 679 sizeof(dev->t10_wwn.model)); 680 680 } 681 681 da->emulate_model_alias = flag; ··· 1426 1426 } 1427 1427 1428 1428 BUILD_BUG_ON(sizeof(dev->t10_wwn.vendor) != INQUIRY_VENDOR_LEN + 1); 1429 - strlcpy(dev->t10_wwn.vendor, stripped, sizeof(dev->t10_wwn.vendor)); 1429 + strscpy(dev->t10_wwn.vendor, stripped, sizeof(dev->t10_wwn.vendor)); 1430 1430 1431 1431 pr_debug("Target_Core_ConfigFS: Set emulated T10 Vendor Identification:" 1432 1432 " %s\n", dev->t10_wwn.vendor); ··· 1482 1482 } 1483 1483 1484 1484 BUILD_BUG_ON(sizeof(dev->t10_wwn.model) != INQUIRY_MODEL_LEN + 1); 1485 - strlcpy(dev->t10_wwn.model, stripped, sizeof(dev->t10_wwn.model)); 1485 + strscpy(dev->t10_wwn.model, stripped, sizeof(dev->t10_wwn.model)); 1486 1486 1487 1487 pr_debug("Target_Core_ConfigFS: Set emulated T10 Model Identification: %s\n", 1488 1488 dev->t10_wwn.model); ··· 1538 1538 } 1539 1539 1540 1540 BUILD_BUG_ON(sizeof(dev->t10_wwn.revision) != INQUIRY_REVISION_LEN + 1); 1541 - strlcpy(dev->t10_wwn.revision, stripped, sizeof(dev->t10_wwn.revision)); 1541 + strscpy(dev->t10_wwn.revision, stripped, sizeof(dev->t10_wwn.revision)); 1542 1542 1543 1543 pr_debug("Target_Core_ConfigFS: Set emulated T10 Revision: %s\n", 1544 1544 dev->t10_wwn.revision);
+3 -3
drivers/target/target_core_device.c
··· 789 789 xcopy_lun->lun_tpg = &xcopy_pt_tpg; 790 790 791 791 /* Preload the default INQUIRY const values */ 792 - strlcpy(dev->t10_wwn.vendor, "LIO-ORG", sizeof(dev->t10_wwn.vendor)); 793 - strlcpy(dev->t10_wwn.model, dev->transport->inquiry_prod, 792 + strscpy(dev->t10_wwn.vendor, "LIO-ORG", sizeof(dev->t10_wwn.vendor)); 793 + strscpy(dev->t10_wwn.model, dev->transport->inquiry_prod, 794 794 sizeof(dev->t10_wwn.model)); 795 - strlcpy(dev->t10_wwn.revision, dev->transport->inquiry_rev, 795 + strscpy(dev->t10_wwn.revision, dev->transport->inquiry_rev, 796 796 sizeof(dev->t10_wwn.revision)); 797 797 798 798 return dev;