[2/2] qedi: Fix truncation of target name

Message ID	20180627121436.10873-3-nilesh.javali@cavium.com (mailing list archive)
State	Changes Requested
Headers	show Return-Path: <linux-scsi-owner@kernel.org> Received-SPF: Pass (protection.outlook.com: domain of cavium.com designates 50.232.66.26 as permitted sender) receiver=protection.outlook.com; client-ip=50.232.66.26; helo=CAEXCH02.caveonetworks.com; From: Nilesh Javali <nilesh.javali@cavium.com> To: <martin.petersen@oracle.com>, <lduncan@suse.com>, <cleech@redhat.com> CC: <linux-scsi@vger.kernel.org>, <QLogic-Storage-Upstream@cavium.com> Subject: [PATCH 2/2] qedi: Fix truncation of target name Date: Wed, 27 Jun 2018 05:14:36 -0700 Message-ID: <20180627121436.10873-3-nilesh.javali@cavium.com> In-Reply-To: <20180627121436.10873-1-nilesh.javali@cavium.com> References: <20180627121436.10873-1-nilesh.javali@cavium.com> MIME-Version: 1.0 Content-Type: text/plain SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY1PR0701MB1385; 7:m8afSodiMJCEhGKJRYmIgzOivNsEkFKdZilQKcOZsE41AYH7fDbH4FuwjESBpuL8ptgH9UU6HBT2c3O3NS5KKW0eTLue3JBIc/tew1HIxuiu9Rg+x6bGw6+R2yWRzL+cjULPxkkIHFi0ioHtvWA5fV4nJKyGsvbxWt5rGTgZjjyADUeSPcPm4v1WtqVohTWb1BUlzda75cnLihAgVAqDvZV+v/JMCFDT3rKv+iPy/cGttnKCuKjCa739PEzUSvWA Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk

Message ID

20180627121436.10873-3-nilesh.javali@cavium.com (mailing list archive)

State

Changes Requested

Headers

Received-SPF: Pass (protection.outlook.com: domain of cavium.com designates
	50.232.66.26 as permitted sender)
	receiver=protection.outlook.com; 
	client-ip=50.232.66.26; helo=CAEXCH02.caveonetworks.com;
From: Nilesh Javali <nilesh.javali@cavium.com>
To: <martin.petersen@oracle.com>, <lduncan@suse.com>, <cleech@redhat.com>
CC: <linux-scsi@vger.kernel.org>, <QLogic-Storage-Upstream@cavium.com>
Subject: [PATCH 2/2] qedi: Fix truncation of target name
Date: Wed, 27 Jun 2018 05:14:36 -0700
Message-ID: <20180627121436.10873-3-nilesh.javali@cavium.com>
In-Reply-To: <20180627121436.10873-1-nilesh.javali@cavium.com>
References: <20180627121436.10873-1-nilesh.javali@cavium.com>
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jun 2018 12:14:58.0990
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 13ed8fae-dee3-4fa7-e6f4-08d5dc279a6d
X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=711e4ccf-2e9b-4bcf-a551-4094005b6194;
	Ip=[50.232.66.26]; Helo=[CAEXCH02.caveonetworks.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0701MB1385
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-scsi.vger.kernel.org>
X-Mailing-List: linux-scsi@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Commit Message

Nilesh Javali June 27, 2018, 12:14 p.m. UTC

Use sprintf instead of snprintf to fix truncation of target name.
This fix is extension of patch
"scsi: qedi: Fix truncation of CHAP name and secret".

Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>
---
 drivers/scsi/qedi/qedi_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Bart Van Assche June 27, 2018, 2:05 p.m. UTC | #1

On Wed, 2018-06-27 at 05:14 -0700, Nilesh Javali wrote:
> Use sprintf instead of snprintf to fix truncation of target name.

> This fix is extension of patch

> "scsi: qedi: Fix truncation of CHAP name and secret".

> 

> Signed-off-by: Nilesh Javali <nilesh.javali@cavium.com>

> ---

>  drivers/scsi/qedi/qedi_main.c | 4 ++--

>  1 file changed, 2 insertions(+), 2 deletions(-)

> 

> diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c

> index cf274a7..85491da 100644

> --- a/drivers/scsi/qedi/qedi_main.c

> +++ b/drivers/scsi/qedi/qedi_main.c

> @@ -888,8 +888,8 @@ static void qedi_get_boot_tgt_info(struct nvm_iscsi_block *block,

>  	ipv6_en = !!(block->generic.ctrl_flags &

>  		     NVM_ISCSI_CFG_GEN_IPV6_ENABLED);

>  

> -	snprintf(tgt->iscsi_name, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n",

> -		 block->target[index].target_name.byte);

> +	sprintf(tgt->iscsi_name, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,

> +		block->target[index].target_name.byte);

>  

>  	tgt->ipv6_en = ipv6_en;


Also this patch changes code that is fine into code that can trigger a buffer
overflow. Additionally, for humans it is much harder than necessary to verify
the above code. Please consider to use sizeof(tgt->iscsi_name) - 2 instead of
NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN.

Thanks,

Bart.

diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index cf274a7..85491da 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -888,8 +888,8 @@  static void qedi_get_boot_tgt_info(struct nvm_iscsi_block *block,
 	ipv6_en = !!(block->generic.ctrl_flags &
 		     NVM_ISCSI_CFG_GEN_IPV6_ENABLED);
 
-	snprintf(tgt->iscsi_name, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n",
-		 block->target[index].target_name.byte);
+	sprintf(tgt->iscsi_name, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN,
+		block->target[index].target_name.byte);
 
 	tgt->ipv6_en = ipv6_en;

[2/2] qedi: Fix truncation of target name

Commit Message

Comments

Patch