lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jul 2020 16:26:33 -0400 From: "Martin K. Petersen" <martin.petersen@...cle.com> To: Lee Jones <lee.jones@...aro.org> Cc: jejb@...ux.ibm.com, martin.petersen@...cle.com, linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org, support@...ca.com.tw Subject: Re: [PATCH 16/30] scsi: arcmsr: arcmsr_hba: Make room for the trailing NULL, even if it is over-written Lee, > Ensure we do not copy the final one (which is not overwitten). > > - strncpy(&inqdata[8], "Areca ", 8); > + strncpy(&inqdata[8], "Areca ", 9); > /* Vendor Identification */ > - strncpy(&inqdata[16], "RAID controller ", 16); > + strncpy(&inqdata[16], "RAID controller ", 17); > /* Product Identification */ > - strncpy(&inqdata[32], "R001", 4); /* Product Revision */ > + strncpy(&inqdata[32], "R001", 5); /* Product Revision */ SCSI INQUIRY strings are fixed length and not NULL-terminated. Please address this warning using either memcpy() or strlcpy(). Thanks! -- Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists