linux-kernel - [PATCH] scsi: qedf: Fix possible buffer overflow

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [day] [month] [year] [list]

Date:   Sat,  3 Dec 2022 00:46:07 +0300
From:   Artem Chernyshev <artem.chernyshev@...-soft.ru>
To:     "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>
Cc:     Artem Chernyshev <artem.chernyshev@...-soft.ru>,
        Saurav Kashyap <skashyap@...vell.com>,
        Javed Hasan <jhasan@...vell.com>, linux-scsi@...r.kernel.org,
        linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: [PATCH] scsi: qedf: Fix possible buffer overflow

In __qedf_probe() it is possible to overflow buffer host_buf[20]
and form non terminated string as result of passing large enough
(10 digits) number what gives us string of length 21 in sprintf()
function

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Artem Chernyshev <artem.chernyshev@...-soft.ru>
---
 drivers/scsi/qedf/qedf_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c
index e045c6e25090..bab54fa07dfc 100644
--- a/drivers/scsi/qedf/qedf_main.c
+++ b/drivers/scsi/qedf/qedf_main.c
@@ -3287,7 +3287,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode)
 	struct Scsi_Host *host;
 	bool is_vf = false;
 	struct qed_ll2_params params;
-	char host_buf[20];
+	char host_buf[21];
 	struct qed_link_params link_params;
 	int status;
 	void *task_start, *task_end;
-- 
2.30.3