| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200713074645.126138-16-lee.jones@linaro.org>
Date: Mon, 13 Jul 2020 08:46:31 +0100
From: Lee Jones <lee.jones@...aro.org>
To: jejb@...ux.ibm.com, martin.petersen@...cle.com
Cc: linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org,
Lee Jones <lee.jones@...aro.org>, support@...ca.com.tw
Subject: [PATCH v2 15/29] scsi: arcmsr: arcmsr_hba: Make room for the trailing NULL, even if it is over-written
Ensure we do not copy the final one (which is not overwitten).
Fixes the following W=1 kernel build warning(s):
In file included from include/linux/bitmap.h:9,
from include/linux/nodemask.h:95,
from include/linux/mmzone.h:17,
from include/linux/gfp.h:6,
from include/linux/umh.h:4,
from include/linux/kmod.h:9,
from include/linux/module.h:16,
from drivers/scsi/arcmsr/arcmsr_hba.c:47:
In function ‘strncpy’,
inlined from ‘arcmsr_handle_virtual_command’ at drivers/scsi/arcmsr/arcmsr_hba.c:3055:3:
include/linux/string.h:297:30: warning: ‘__builtin_strncpy’ output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation]
297 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/string.h:307:9: note: in expansion of macro ‘__underlying_strncpy’
307 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘arcmsr_handle_virtual_command’ at drivers/scsi/arcmsr/arcmsr_hba.c:3053:3:
include/linux/string.h:297:30: warning: ‘__builtin_strncpy’ output truncated before terminating nul copying 16 bytes from a string of the same length [-Wstringop-truncation]
297 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/string.h:307:9: note: in expansion of macro ‘__underlying_strncpy’
307 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘arcmsr_handle_virtual_command’ at drivers/scsi/arcmsr/arcmsr_hba.c:3051:3:
include/linux/string.h:297:30: warning: ‘__builtin_strncpy’ output truncated before terminating nul copying 8 bytes from a string of the same length [-Wstringop-truncation]
297 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/string.h:307:9: note: in expansion of macro ‘__underlying_strncpy’
307 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
Cc: support@...ca.com.tw
Signed-off-by: Lee Jones <lee.jones@...aro.org>
---
drivers/scsi/arcmsr/arcmsr_hba.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/scsi/arcmsr/arcmsr_hba.c b/drivers/scsi/arcmsr/arcmsr_hba.c
index 1c252934409c7..5feed135eb26c 100644
--- a/drivers/scsi/arcmsr/arcmsr_hba.c
+++ b/drivers/scsi/arcmsr/arcmsr_hba.c
@@ -3031,7 +3031,7 @@ static void arcmsr_handle_virtual_command(struct AdapterControlBlock *acb,
{
switch (cmd->cmnd[0]) {
case INQUIRY: {
- unsigned char inqdata[36];
+ unsigned char inqdata[37];
char *buffer;
struct scatterlist *sg;
@@ -3048,16 +3048,16 @@ static void arcmsr_handle_virtual_command(struct AdapterControlBlock *acb,
/* ISO, ECMA, & ANSI versions */
inqdata[4] = 31;
/* length of additional data */
- strncpy(&inqdata[8], "Areca ", 8);
+ strncpy(&inqdata[8], "Areca ", 9);
/* Vendor Identification */
- strncpy(&inqdata[16], "RAID controller ", 16);
+ strncpy(&inqdata[16], "RAID controller ", 17);
/* Product Identification */
- strncpy(&inqdata[32], "R001", 4); /* Product Revision */
+ strncpy(&inqdata[32], "R001", 5); /* Product Revision */
sg = scsi_sglist(cmd);
buffer = kmap_atomic(sg_page(sg)) + sg->offset;
- memcpy(buffer, inqdata, sizeof(inqdata));
+ memcpy(buffer, inqdata, sizeof(inqdata) - 1);
sg = scsi_sglist(cmd);
kunmap_atomic(buffer - sg->offset);
--
2.25.1
Powered by blists - more mailing lists