tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()

strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1]. In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Link: https://lore.kernel.org/r/20230516025404.2843867-1-azeemshaikh38@gmail.com
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Azeem Shaikh and committed by
Martin K. Petersen 37f1663c 41300cc9

+14 -14
+4 -4
drivers/scsi/qla2xxx/qla_init.c
··· 5076 5076 if (use_tbl && 5077 5077 ha->pdev->subsystem_vendor == PCI_VENDOR_ID_QLOGIC && 5078 5078 index < QLA_MODEL_NAMES) 5079 - strlcpy(ha->model_desc, 5079 + strscpy(ha->model_desc, 5080 5080 qla2x00_model_name[index * 2 + 1], 5081 5081 sizeof(ha->model_desc)); 5082 5082 } else { ··· 5084 5084 if (use_tbl && 5085 5085 ha->pdev->subsystem_vendor == PCI_VENDOR_ID_QLOGIC && 5086 5086 index < QLA_MODEL_NAMES) { 5087 - strlcpy(ha->model_number, 5087 + strscpy(ha->model_number, 5088 5088 qla2x00_model_name[index * 2], 5089 5089 sizeof(ha->model_number)); 5090 - strlcpy(ha->model_desc, 5090 + strscpy(ha->model_desc, 5091 5091 qla2x00_model_name[index * 2 + 1], 5092 5092 sizeof(ha->model_desc)); 5093 5093 } else { 5094 - strlcpy(ha->model_number, def, 5094 + strscpy(ha->model_number, def, 5095 5095 sizeof(ha->model_number)); 5096 5096 } 5097 5097 }
+10 -10
drivers/scsi/qla2xxx/qla_mr.c
··· 691 691 struct qla_hw_data *ha = vha->hw; 692 692 693 693 if (pci_is_pcie(ha->pdev)) 694 - strlcpy(str, "PCIe iSA", str_len); 694 + strscpy(str, "PCIe iSA", str_len); 695 695 return str; 696 696 } 697 697 ··· 1850 1850 phost_info = &preg_hsi->hsi; 1851 1851 memset(preg_hsi, 0, sizeof(struct register_host_info)); 1852 1852 phost_info->os_type = OS_TYPE_LINUX; 1853 - strlcpy(phost_info->sysname, p_sysid->sysname, 1853 + strscpy(phost_info->sysname, p_sysid->sysname, 1854 1854 sizeof(phost_info->sysname)); 1855 - strlcpy(phost_info->nodename, p_sysid->nodename, 1855 + strscpy(phost_info->nodename, p_sysid->nodename, 1856 1856 sizeof(phost_info->nodename)); 1857 1857 if (!strcmp(phost_info->nodename, "(none)")) 1858 1858 ha->mr.host_info_resend = true; 1859 - strlcpy(phost_info->release, p_sysid->release, 1859 + strscpy(phost_info->release, p_sysid->release, 1860 1860 sizeof(phost_info->release)); 1861 - strlcpy(phost_info->version, p_sysid->version, 1861 + strscpy(phost_info->version, p_sysid->version, 1862 1862 sizeof(phost_info->version)); 1863 - strlcpy(phost_info->machine, p_sysid->machine, 1863 + strscpy(phost_info->machine, p_sysid->machine, 1864 1864 sizeof(phost_info->machine)); 1865 - strlcpy(phost_info->domainname, p_sysid->domainname, 1865 + strscpy(phost_info->domainname, p_sysid->domainname, 1866 1866 sizeof(phost_info->domainname)); 1867 - strlcpy(phost_info->hostdriver, QLA2XXX_VERSION, 1867 + strscpy(phost_info->hostdriver, QLA2XXX_VERSION, 1868 1868 sizeof(phost_info->hostdriver)); 1869 1869 preg_hsi->utc = (uint64_t)ktime_get_real_seconds(); 1870 1870 ql_dbg(ql_dbg_init, vha, 0x0149, ··· 1909 1909 if (fx_type == FXDISC_GET_CONFIG_INFO) { 1910 1910 struct config_info_data *pinfo = 1911 1911 (struct config_info_data *) fdisc->u.fxiocb.rsp_addr; 1912 - strlcpy(vha->hw->model_number, pinfo->model_num, 1912 + strscpy(vha->hw->model_number, pinfo->model_num, 1913 1913 ARRAY_SIZE(vha->hw->model_number)); 1914 - strlcpy(vha->hw->model_desc, pinfo->model_description, 1914 + strscpy(vha->hw->model_desc, pinfo->model_description, 1915 1915 ARRAY_SIZE(vha->hw->model_desc)); 1916 1916 memcpy(&vha->hw->mr.symbolic_name, pinfo->symbolic_name, 1917 1917 sizeof(vha->hw->mr.symbolic_name));