| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210322160253.4032422-10-arnd@kernel.org>
Date: Mon, 22 Mar 2021 17:02:47 +0100
From: Arnd Bergmann <arnd@...nel.org>
To: linux-kernel@...r.kernel.org, Martin Sebor <msebor@....gnu.org>,
James Smart <james.smart@...adcom.com>,
Dick Kennedy <dick.kennedy@...adcom.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Cc: Arnd Bergmann <arnd@...db.de>, x86@...nel.org,
Ning Sun <ning.sun@...el.com>,
Jani Nikula <jani.nikula@...ux.intel.com>,
Kalle Valo <kvalo@...eaurora.org>,
Simon Kelley <simon@...kelleys.org.uk>,
Anders Larsen <al@...rsen.net>, Tejun Heo <tj@...nel.org>,
Serge Hallyn <serge@...lyn.com>,
Imre Deak <imre.deak@...el.com>,
linux-arm-kernel@...ts.infradead.org,
tboot-devel@...ts.sourceforge.net, intel-gfx@...ts.freedesktop.org,
dri-devel@...ts.freedesktop.org, ath11k@...ts.infradead.org,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-scsi@...r.kernel.org, cgroups@...r.kernel.org,
linux-security-module@...r.kernel.org,
Hannes Reinecke <hare@...e.de>,
Lee Jones <lee.jones@...aro.org>,
Colin Ian King <colin.king@...onical.com>,
Ye Bin <yebin10@...wei.com>
Subject: [PATCH 09/11] scsi: lpfc: fix gcc -Wstringop-overread warning
From: Arnd Bergmann <arnd@...db.de>
gcc-11 warns about an strnlen with a length larger than the size of the
passed buffer:
drivers/scsi/lpfc/lpfc_attr.c: In function 'lpfc_nvme_info_show':
drivers/scsi/lpfc/lpfc_attr.c:518:25: error: 'strnlen' specified bound 4095 exceeds source size 24 [-Werror=stringop-overread]
518 | strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this case, the code is entirely valid, as the string is properly
terminated, and the size argument is only there out of extra caution
in case it exceeds a page.
This cannot really happen here, so just simplify it to a sizeof().
Fixes: afff0d2321ea ("scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
drivers/scsi/lpfc/lpfc_attr.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_attr.c b/drivers/scsi/lpfc/lpfc_attr.c
index bdd9a29f4201..f6d886f9dfb3 100644
--- a/drivers/scsi/lpfc/lpfc_attr.c
+++ b/drivers/scsi/lpfc/lpfc_attr.c
@@ -512,11 +512,9 @@ lpfc_nvme_info_show(struct device *dev, struct device_attribute *attr,
"6314 Catching potential buffer "
"overflow > PAGE_SIZE = %lu bytes\n",
PAGE_SIZE);
- strlcpy(buf + PAGE_SIZE - 1 -
- strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1),
+ strlcpy(buf + PAGE_SIZE - 1 - sizeof(LPFC_NVME_INFO_MORE_STR),
LPFC_NVME_INFO_MORE_STR,
- strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1)
- + 1);
+ sizeof(LPFC_NVME_INFO_MORE_STR) + 1);
}
return len;
--
2.29.2
Powered by blists - more mailing lists