Date: Mon, 15 Sep 2014 00:13:31 +0200
From: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
To: "Elliott, Robert (Server Storage)" <Elliott@...com>
Cc: "James E.J. Bottomley" <JBottomley@...allels.com>,
	"linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] scsi: scsi_devinfo.c: Cleaning up unnecessarily complicated in conjunction with strncpy

2014-09-14 23:34 GMT+02:00 Elliott, Robert (Server Storage) <Elliott@...com>:
>
>
>> -----Original Message-----
>> From: linux-scsi-owner@...r.kernel.org [mailto:linux-scsi-
>> owner@...r.kernel.org] On Behalf Of Rickard Strandqvist
> ...
>> diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c > ... >> static void scsi_strcpy_devinfo(char *name, char *to, size_t to_length, >> char *from, int compatible) >> { >> - size_t from_length; >> - >> - from_length = strlen(from); >> - strncpy(to, from, min(to_length, from_length)); >> - if (from_length < to_length) { >> - if (compatible) { >> - /* >> - * NUL terminate the string if it is short. >> - */ >> - to[from_length] = '\0'; >> - } else { >> - /* >> - * space pad the string if it is short. >> - */ >> - strncpy(&to[from_length], spaces, >> - to_length - from_length); >> - } >> - } >> - if (from_length > to_length) >> - printk(KERN_WARNING "%s: %s string '%s' is too long\n", >> + strncpy(to, from, to_length); >> + if (to[to_length - 1] != '\0') { >> + to[to_length - 1] = '\0'; >> + printk(KERN_WARNING "%s: %s string '%s' is too long\n", >> __func__, name, from); >> + }
>
> The caller of this function, scsi_dev_info_list_add_keyed, created
> the "to" destination buffer, devinfo, with kmalloc, so it's not
> guaranteed to be full of zeros.
>
> If from_length is shorter than to_length, then this code will
> be inspecting an uninitialized character that strncpy didn't
> touch.
>
> ---
> Rob Elliott    HP Server Storage
>

Hi Elliott

How do you mean?
strncpy zeroes throughout the remainder of the string "from" until the length of to_length, or otherwise guaranteed trailing zero characters and a warning is printed.
Is it not exactly the functionality that is desired?

Kind regards
Rickard Strandqvist
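
Review bot: the added body never reads `compatible`, so the non-compatible case silently changes from space padding to the NUL fill done by `strncpy(to, from, to_length)`, and the parameter is left unused in the lines shown; if these fields are compared as fixed-width, space-padded strings, the padding branch needs to stay. The unconditional `to[to_length - 1] = '\0'` also changes the exact-fit case: a `from` of exactly `to_length` characters was copied whole with no warning by the removed code, and now loses its last character and is reported as too long. The read of `to[to_length - 1]` itself is fine, because strncpy always writes all `to_length` bytes. Suggest limiting the simplification to the compatible path, or stating both behaviour changes in the commit message.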
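
The question in this exchange is whether `to[to_length - 1]` can be read before it is written. This added user-space example (not from the thread or the kernel tree) poisons a buffer and runs hypothetical re-creations `old_copy` and `new_copy` of the removed and added bodies; `FIELD`, `run`, the return flag that replaces printk and the inputs are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define FIELD 8 /* constructed field width, not a kernel constant */

/* Removed body re-created (memcpy/memset stand in for its two bounded
 * strncpy calls). Returns 1 where the kernel code printed the warning. */
static int old_copy(char *to, size_t to_length, const char *from, int compatible)
{
    size_t from_length = strlen(from);
    memcpy(to, from, from_length < to_length ? from_length : to_length);
    if (from_length < to_length && compatible)
        to[from_length] = '\0';                                  /* NUL terminate */
    else if (from_length < to_length)
        memset(&to[from_length], ' ', to_length - from_length);  /* space pad */
    return from_length > to_length;
}

/* Added body: strncpy writes exactly to_length bytes, NUL-filling after
 * a short source, so to[to_length - 1] has always been written. */
static int new_copy(char *to, size_t to_length, const char *from)
{
    strncpy(to, from, to_length);
    if (to[to_length - 1] != '\0') {
        to[to_length - 1] = '\0';
        return 1;
    }
    return 0;
}

/* Fill with 0xAA (stand-in for kmalloc garbage), run a variant, count untouched bytes. */
static int run(int use_new, int compatible, const char *from, char *out, int *stale)
{
    memset(out, 0xAA, FIELD);
    int warned = use_new ? new_copy(out, FIELD, from) : old_copy(out, FIELD, from, compatible);
    *stale = 0;
    for (size_t i = 0; i < FIELD; i++)
        *stale += ((unsigned char)out[i] == 0xAA);
    return warned;
}

int main(void)
{
    const char *in[] = { "HP", "ABCDEFGH", "ABCDEFGHIJ" }; /* constructed inputs */
    char buf[FIELD]; int stale;
    for (int i = 0; i < 6; i++) {
        int w = run(i & 1, 0, in[i / 2], buf, &stale);
        printf("%-10s %s warn=%d stale=%d [%.8s]\n", in[i / 2], (i & 1) ? "new" : "old", w, stale, buf);
    }
    return 0;
}
```

The short input shows space padding against NUL fill, and the exact-fit input shows the truncation and warning that only the added body produces.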