On 09/11/2018 07:34 AM, Bryant G. Ly wrote:
On 9/10/18 6:30 PM, Kees Cook wrote:
On Mon, Sep 10, 2018 at 3:37 PM, Laura Abbott <labb...@redhat.com> wrote:
There's currently a warning about string overflow with strncat:
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_probe':
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:3479:2: error: 'strncat' specified
bound 64 equals destination size [-Werror=stringop-overflow=]
strncat(vscsi->eye, vdev->name, MAX_EYE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Switch to using strlcat which correctly accounts for lengths that
are equal to the destination buffer.
Signed-off-by: Laura Abbott <labb...@redhat.com>
---
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
index fac377320158..53d344d8dc43 100644
--- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
+++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
@@ -3475,7 +3475,7 @@ static int ibmvscsis_probe(struct vio_dev *vdev,
vscsi->dds.window[REMOTE].liobn);
strcpy(vscsi->eye, "VSCSI ");
- strncat(vscsi->eye, vdev->name, MAX_EYE);
+ strlcat(vscsi->eye, vdev->name, MAX_EYE);
Can this just get switched to snprintf() instead?
snprintf(vscsi->eye, sizeof(vscsi->eye), "VSCSI%s", vdev->name);
Either works for me.
I'll switch to the snprintf since that's cleaner.
vscsi->dds.unit_id = vdev->unit_address;
strncpy(vscsi->dds.partition_name, partition_name,
And does this strncpy need a NUL-termination and/or trailing padding?
Yes, good catch, it does need NUL-termination.
I can send that cleanup in a second patch.
-Bryant
