| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 May 2023 22:02:10 -0400
From: Azeem Shaikh <azeemshaikh38@...il.com>
To: Anil Gurumurthy <anil.gurumurthy@...gic.com>,
Sudarsana Kalluru <sudarsana.kalluru@...gic.com>
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH] scsi: bfa: Replace all non-returning strlcpy with strscpy
cc linux-hardening@...r.kernel.org
On Mon, May 15, 2023 at 9:35 PM Azeem Shaikh <azeemshaikh38@...il.com> wrote:
>
> strlcpy() reads the entire source buffer first.
> This read may exceed the destination size limit.
> This is both inefficient and can lead to linear read
> overflows if a source string is not NUL-terminated [1].
> In an effort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> [2] https://github.com/KSPP/linux/issues/89
>
> Signed-off-by: Azeem Shaikh <azeemshaikh38@...il.com>
> ---
> drivers/scsi/bfa/bfa_fcbuild.c | 4 ++--
> drivers/scsi/bfa/bfa_fcs.c | 4 ++--
> drivers/scsi/bfa/bfa_fcs_lport.c | 20 ++++++++++----------
> drivers/scsi/bfa/bfa_ioc.c | 2 +-
> drivers/scsi/bfa/bfa_svc.c | 2 +-
> drivers/scsi/bfa/bfad.c | 10 +++++-----
> drivers/scsi/bfa/bfad_attr.c | 2 +-
> drivers/scsi/bfa/bfad_bsg.c | 4 ++--
> drivers/scsi/bfa/bfad_im.c | 2 +-
> 9 files changed, 25 insertions(+), 25 deletions(-)
>
> diff --git a/drivers/scsi/bfa/bfa_fcbuild.c b/drivers/scsi/bfa/bfa_fcbuild.c
> index df18d9d2af53..773c84af784c 100644
> --- a/drivers/scsi/bfa/bfa_fcbuild.c
> +++ b/drivers/scsi/bfa/bfa_fcbuild.c
> @@ -1134,7 +1134,7 @@ fc_rspnid_build(struct fchs_s *fchs, void *pyld, u32 s_id, u16 ox_id,
> memset(rspnid, 0, sizeof(struct fcgs_rspnid_req_s));
>
> rspnid->dap = s_id;
> - strlcpy(rspnid->spn, name, sizeof(rspnid->spn));
> + strscpy(rspnid->spn, name, sizeof(rspnid->spn));
> rspnid->spn_len = (u8) strlen(rspnid->spn);
>
> return sizeof(struct fcgs_rspnid_req_s) + sizeof(struct ct_hdr_s);
> @@ -1155,7 +1155,7 @@ fc_rsnn_nn_build(struct fchs_s *fchs, void *pyld, u32 s_id,
> memset(rsnn_nn, 0, sizeof(struct fcgs_rsnn_nn_req_s));
>
> rsnn_nn->node_name = node_name;
> - strlcpy(rsnn_nn->snn, name, sizeof(rsnn_nn->snn));
> + strscpy(rsnn_nn->snn, name, sizeof(rsnn_nn->snn));
> rsnn_nn->snn_len = (u8) strlen(rsnn_nn->snn);
>
> return sizeof(struct fcgs_rsnn_nn_req_s) + sizeof(struct ct_hdr_s);
> diff --git a/drivers/scsi/bfa/bfa_fcs.c b/drivers/scsi/bfa/bfa_fcs.c
> index d2d396ca0e9a..5023c0ab4277 100644
> --- a/drivers/scsi/bfa/bfa_fcs.c
> +++ b/drivers/scsi/bfa/bfa_fcs.c
> @@ -761,7 +761,7 @@ bfa_fcs_fabric_psymb_init(struct bfa_fcs_fabric_s *fabric)
> bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);
>
> /* Model name/number */
> - strlcpy(port_cfg->sym_name.symname, model,
> + strscpy(port_cfg->sym_name.symname, model,
> BFA_SYMNAME_MAXLEN);
> strlcat(port_cfg->sym_name.symname, BFA_FCS_PORT_SYMBNAME_SEPARATOR,
> BFA_SYMNAME_MAXLEN);
> @@ -822,7 +822,7 @@ bfa_fcs_fabric_nsymb_init(struct bfa_fcs_fabric_s *fabric)
> bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);
>
> /* Model name/number */
> - strlcpy(port_cfg->node_sym_name.symname, model,
> + strscpy(port_cfg->node_sym_name.symname, model,
> BFA_SYMNAME_MAXLEN);
> strlcat(port_cfg->node_sym_name.symname,
> BFA_FCS_PORT_SYMBNAME_SEPARATOR,
> diff --git a/drivers/scsi/bfa/bfa_fcs_lport.c b/drivers/scsi/bfa/bfa_fcs_lport.c
> index b12afcc4b189..008afd817087 100644
> --- a/drivers/scsi/bfa/bfa_fcs_lport.c
> +++ b/drivers/scsi/bfa/bfa_fcs_lport.c
> @@ -2642,10 +2642,10 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_lport_fdmi_s *fdmi,
> bfa_ioc_get_adapter_fw_ver(&port->fcs->bfa->ioc,
> hba_attr->fw_version);
>
> - strlcpy(hba_attr->driver_version, (char *)driver_info->version,
> + strscpy(hba_attr->driver_version, (char *)driver_info->version,
> sizeof(hba_attr->driver_version));
>
> - strlcpy(hba_attr->os_name, driver_info->host_os_name,
> + strscpy(hba_attr->os_name, driver_info->host_os_name,
> sizeof(hba_attr->os_name));
>
> /*
> @@ -2663,13 +2663,13 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_lport_fdmi_s *fdmi,
> bfa_fcs_fdmi_get_portattr(fdmi, &fcs_port_attr);
> hba_attr->max_ct_pyld = fcs_port_attr.max_frm_size;
>
> - strlcpy(hba_attr->node_sym_name.symname,
> + strscpy(hba_attr->node_sym_name.symname,
> port->port_cfg.node_sym_name.symname, BFA_SYMNAME_MAXLEN);
> strcpy(hba_attr->vendor_info, "QLogic");
> hba_attr->num_ports =
> cpu_to_be32(bfa_ioc_get_nports(&port->fcs->bfa->ioc));
> hba_attr->fabric_name = port->fabric->lps->pr_nwwn;
> - strlcpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN);
> + strscpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN);
>
> }
>
> @@ -2736,19 +2736,19 @@ bfa_fcs_fdmi_get_portattr(struct bfa_fcs_lport_fdmi_s *fdmi,
> /*
> * OS device Name
> */
> - strlcpy(port_attr->os_device_name, driver_info->os_device_name,
> + strscpy(port_attr->os_device_name, driver_info->os_device_name,
> sizeof(port_attr->os_device_name));
>
> /*
> * Host name
> */
> - strlcpy(port_attr->host_name, driver_info->host_machine_name,
> + strscpy(port_attr->host_name, driver_info->host_machine_name,
> sizeof(port_attr->host_name));
>
> port_attr->node_name = bfa_fcs_lport_get_nwwn(port);
> port_attr->port_name = bfa_fcs_lport_get_pwwn(port);
>
> - strlcpy(port_attr->port_sym_name.symname,
> + strscpy(port_attr->port_sym_name.symname,
> bfa_fcs_lport_get_psym_name(port).symname, BFA_SYMNAME_MAXLEN);
> bfa_fcs_lport_get_attr(port, &lport_attr);
> port_attr->port_type = cpu_to_be32(lport_attr.port_type);
> @@ -3229,7 +3229,7 @@ bfa_fcs_lport_ms_gmal_response(void *fcsarg, struct bfa_fcxp_s *fcxp,
> rsp_str[gmal_entry->len-1] = 0;
>
> /* copy IP Address to fabric */
> - strlcpy(bfa_fcs_lport_get_fabric_ipaddr(port),
> + strscpy(bfa_fcs_lport_get_fabric_ipaddr(port),
> gmal_entry->ip_addr,
> BFA_FCS_FABRIC_IPADDR_SZ);
> break;
> @@ -4667,7 +4667,7 @@ bfa_fcs_lport_ns_send_rspn_id(void *ns_cbarg, struct bfa_fcxp_s *fcxp_alloced)
> * to that of the base port.
> */
>
> - strlcpy(symbl,
> + strscpy(symbl,
> (char *)&(bfa_fcs_lport_get_psym_name
> (bfa_fcs_get_base_port(port->fcs))),
> sizeof(symbl));
> @@ -5194,7 +5194,7 @@ bfa_fcs_lport_ns_util_send_rspn_id(void *cbarg, struct bfa_fcxp_s *fcxp_alloced)
> * For Vports, we append the vport's port symbolic name
> * to that of the base port.
> */
> - strlcpy(symbl, (char *)&(bfa_fcs_lport_get_psym_name
> + strscpy(symbl, (char *)&(bfa_fcs_lport_get_psym_name
> (bfa_fcs_get_base_port(port->fcs))),
> sizeof(symbl));
>
> diff --git a/drivers/scsi/bfa/bfa_ioc.c b/drivers/scsi/bfa/bfa_ioc.c
> index 5740302d83ac..e1ed1424fddb 100644
> --- a/drivers/scsi/bfa/bfa_ioc.c
> +++ b/drivers/scsi/bfa/bfa_ioc.c
> @@ -2788,7 +2788,7 @@ void
> bfa_ioc_get_adapter_manufacturer(struct bfa_ioc_s *ioc, char *manufacturer)
> {
> memset((void *)manufacturer, 0, BFA_ADAPTER_MFG_NAME_LEN);
> - strlcpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN);
> + strscpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN);
> }
>
> void
> diff --git a/drivers/scsi/bfa/bfa_svc.c b/drivers/scsi/bfa/bfa_svc.c
> index 4e3cef02f10f..c9745c0b4eee 100644
> --- a/drivers/scsi/bfa/bfa_svc.c
> +++ b/drivers/scsi/bfa/bfa_svc.c
> @@ -330,7 +330,7 @@ bfa_plog_str(struct bfa_plog_s *plog, enum bfa_plog_mid mid,
> lp.eid = event;
> lp.log_type = BFA_PL_LOG_TYPE_STRING;
> lp.misc = misc;
> - strlcpy(lp.log_entry.string_log, log_str,
> + strscpy(lp.log_entry.string_log, log_str,
> BFA_PL_STRING_LOG_SZ);
> lp.log_entry.string_log[BFA_PL_STRING_LOG_SZ - 1] = '\0';
> bfa_plog_add(plog, &lp);
> diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c
> index 529b73a83d69..62cb7a864fd5 100644
> --- a/drivers/scsi/bfa/bfad.c
> +++ b/drivers/scsi/bfa/bfad.c
> @@ -965,19 +965,19 @@ bfad_start_ops(struct bfad_s *bfad) {
>
> /* Fill the driver_info info to fcs*/
> memset(&driver_info, 0, sizeof(driver_info));
> - strlcpy(driver_info.version, BFAD_DRIVER_VERSION,
> + strscpy(driver_info.version, BFAD_DRIVER_VERSION,
> sizeof(driver_info.version));
> if (host_name)
> - strlcpy(driver_info.host_machine_name, host_name,
> + strscpy(driver_info.host_machine_name, host_name,
> sizeof(driver_info.host_machine_name));
> if (os_name)
> - strlcpy(driver_info.host_os_name, os_name,
> + strscpy(driver_info.host_os_name, os_name,
> sizeof(driver_info.host_os_name));
> if (os_patch)
> - strlcpy(driver_info.host_os_patch, os_patch,
> + strscpy(driver_info.host_os_patch, os_patch,
> sizeof(driver_info.host_os_patch));
>
> - strlcpy(driver_info.os_device_name, bfad->pci_name,
> + strscpy(driver_info.os_device_name, bfad->pci_name,
> sizeof(driver_info.os_device_name));
>
> /* FCS driver info init */
> diff --git a/drivers/scsi/bfa/bfad_attr.c b/drivers/scsi/bfa/bfad_attr.c
> index 5a85401e9e2d..e96e4b6df265 100644
> --- a/drivers/scsi/bfa/bfad_attr.c
> +++ b/drivers/scsi/bfa/bfad_attr.c
> @@ -834,7 +834,7 @@ bfad_im_symbolic_name_show(struct device *dev, struct device_attribute *attr,
> char symname[BFA_SYMNAME_MAXLEN];
>
> bfa_fcs_lport_get_attr(&bfad->bfa_fcs.fabric.bport, &port_attr);
> - strlcpy(symname, port_attr.port_cfg.sym_name.symname,
> + strscpy(symname, port_attr.port_cfg.sym_name.symname,
> BFA_SYMNAME_MAXLEN);
> return sysfs_emit(buf, "%s\n", symname);
> }
> diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c
> index 79d4f7ee5bcb..520f9152f3bf 100644
> --- a/drivers/scsi/bfa/bfad_bsg.c
> +++ b/drivers/scsi/bfa/bfad_bsg.c
> @@ -119,7 +119,7 @@ bfad_iocmd_ioc_get_attr(struct bfad_s *bfad, void *cmd)
>
> /* fill in driver attr info */
> strcpy(iocmd->ioc_attr.driver_attr.driver, BFAD_DRIVER_NAME);
> - strlcpy(iocmd->ioc_attr.driver_attr.driver_ver,
> + strscpy(iocmd->ioc_attr.driver_attr.driver_ver,
> BFAD_DRIVER_VERSION, BFA_VERSION_LEN);
> strcpy(iocmd->ioc_attr.driver_attr.fw_ver,
> iocmd->ioc_attr.adapter_attr.fw_ver);
> @@ -307,7 +307,7 @@ bfad_iocmd_port_get_attr(struct bfad_s *bfad, void *cmd)
> iocmd->attr.port_type = port_attr.port_type;
> iocmd->attr.loopback = port_attr.loopback;
> iocmd->attr.authfail = port_attr.authfail;
> - strlcpy(iocmd->attr.port_symname.symname,
> + strscpy(iocmd->attr.port_symname.symname,
> port_attr.port_cfg.sym_name.symname,
> sizeof(iocmd->attr.port_symname.symname));
>
> diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c
> index c335f7a188d2..a9d3d8562d3c 100644
> --- a/drivers/scsi/bfa/bfad_im.c
> +++ b/drivers/scsi/bfa/bfad_im.c
> @@ -1046,7 +1046,7 @@ bfad_fc_host_init(struct bfad_im_port_s *im_port)
> /* For fibre channel services type 0x20 */
> fc_host_supported_fc4s(host)[7] = 1;
>
> - strlcpy(symname, bfad->bfa_fcs.fabric.bport.port_cfg.sym_name.symname,
> + strscpy(symname, bfad->bfa_fcs.fabric.bport.port_cfg.sym_name.symname,
> BFA_SYMNAME_MAXLEN);
> sprintf(fc_host_symbolic_name(host), "%s", symname);
>
>
Powered by blists - more mailing lists