| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250214114302.86001-2-thorsten.blum@linux.dev>
Date: Fri, 14 Feb 2025 12:43:02 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Don Brace <don.brace@...rochip.com>,
"James E.J. Bottomley" <James.Bottomley@...senPartnership.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
linux-hardening@...r.kernel.org,
Kees Cook <kees@...nel.org>,
David Laight <david.laight.linux@...il.com>,
Bart Van Assche <bvanassche@....org>,
storagedev@...rochip.com,
linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v3] scsi: hpsa: Remove deprecated and unnecessary strncpy()
While replacing strncpy() with strscpy(), Bart Van Assche pointed out
that the code occurs inside sysfs write callbacks, which already uses
NUL-terminated strings. This allows the string to be passed directly to
sscanf() without requiring a temporary copy.
Remove the deprecated and unnecessary strncpy() and the corresponding
local variables, and pass the buffer buf directly to sscanf().
Replace sscanf() with kstrtoint() to silence checkpatch warnings.
Compile-tested only.
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@...r.kernel.org
Cc: Kees Cook <kees@...nel.org>
Cc: David Laight <david.laight.linux@...il.com>
Suggested-by: Bart Van Assche <bvanassche@....org>
Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
Changes in v2:
- Adjust len to copy the same number of bytes as with strncpy()
- Link to v1: https://lore.kernel.org/r/20250212222214.86110-2-thorsten.blum@linux.dev/
Changes in v3:
- Remove strncpy() and tmpbuf et al and use buf directly as suggested by
Bart Van Assche and Kees Cook
- Replace sscanf() with kstrtoint() as suggested by David Laight
- Link to v2: https://lore.kernel.org/linux-kernel/20250213195332.1464-3-thorsten.blum@linux.dev/
---
drivers/scsi/hpsa.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 84d8de07b7ae..bb65954b1b1e 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -453,17 +453,13 @@ static ssize_t host_store_hp_ssd_smart_path_status(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
{
- int status, len;
+ int status;
struct ctlr_info *h;
struct Scsi_Host *shost = class_to_shost(dev);
- char tmpbuf[10];
if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
return -EACCES;
- len = count > sizeof(tmpbuf) - 1 ? sizeof(tmpbuf) - 1 : count;
- strncpy(tmpbuf, buf, len);
- tmpbuf[len] = '\0';
- if (sscanf(tmpbuf, "%d", &status) != 1)
+ if (kstrtoint(buf, 10, &status))
return -EINVAL;
h = shost_to_hba(shost);
h->acciopath_status = !!status;
@@ -477,17 +473,13 @@ static ssize_t host_store_raid_offload_debug(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
{
- int debug_level, len;
+ int debug_level;
struct ctlr_info *h;
struct Scsi_Host *shost = class_to_shost(dev);
- char tmpbuf[10];
if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
return -EACCES;
- len = count > sizeof(tmpbuf) - 1 ? sizeof(tmpbuf) - 1 : count;
- strncpy(tmpbuf, buf, len);
- tmpbuf[len] = '\0';
- if (sscanf(tmpbuf, "%d", &debug_level) != 1)
+ if (kstrtoint(buf, 10, &debug_level))
return -EINVAL;
if (debug_level < 0)
debug_level = 0;
--
2.48.1
Powered by blists - more mailing lists