Commit 973464fd authored by Azeem Shaikh Committed by Martin K. Petersen

scsi: bfa: Replace all non-returning strlcpy() with strscpy()

strlcpy() reads the entire source buffer first.  This read may exceed the
destination size limit.  This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1].  In an effort
to remove strlcpy() completely [2], replace strlcpy() here with strscpy().
No return values were used, so direct replacement is safe.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89



Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Link: https://lore.kernel.org/r/20230516013345.723623-1-azeemshaikh38@gmail.com


Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
parent 8759924d
+2 −2
@@ -1134,7 +1134,7 @@ fc_rspnid_build(struct fchs_s *fchs, void *pyld, u32 s_id, u16 ox_id,
	memset(rspnid, 0, sizeof(struct fcgs_rspnid_req_s));

	rspnid->dap = s_id;
	strlcpy(rspnid->spn, name, sizeof(rspnid->spn));
	strscpy(rspnid->spn, name, sizeof(rspnid->spn));
	rspnid->spn_len = (u8) strlen(rspnid->spn);

	return sizeof(struct fcgs_rspnid_req_s) + sizeof(struct ct_hdr_s);
@@ -1155,7 +1155,7 @@ fc_rsnn_nn_build(struct fchs_s *fchs, void *pyld, u32 s_id,
	memset(rsnn_nn, 0, sizeof(struct fcgs_rsnn_nn_req_s));

	rsnn_nn->node_name = node_name;
	strlcpy(rsnn_nn->snn, name, sizeof(rsnn_nn->snn));
	strscpy(rsnn_nn->snn, name, sizeof(rsnn_nn->snn));
	rsnn_nn->snn_len = (u8) strlen(rsnn_nn->snn);

	return sizeof(struct fcgs_rsnn_nn_req_s) + sizeof(struct ct_hdr_s);
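Review bot: The `(u8)` cast on `strlen(rspnid->spn)` in fc_rspnid_build is lossless only while `sizeof(rspnid->spn)` is at most 256, because strscpy() leaves at most sizeof - 1 characters in the field. The field declaration is not part of this hunk, so that limit cannot be confirmed here. A compile-time guard next to the copy would pin the assumption: `BUILD_BUG_ON(sizeof(rspnid->spn) > 256);`. The same applies to `rsnn_nn->snn_len` in fc_rsnn_nn_build. Both function bodies start outside their hunks.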
+2 −2
@@ -761,7 +761,7 @@ bfa_fcs_fabric_psymb_init(struct bfa_fcs_fabric_s *fabric)
	bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);

	/* Model name/number */
	strlcpy(port_cfg->sym_name.symname, model,
	strscpy(port_cfg->sym_name.symname, model,
		BFA_SYMNAME_MAXLEN);
	strlcat(port_cfg->sym_name.symname, BFA_FCS_PORT_SYMBNAME_SEPARATOR,
		BFA_SYMNAME_MAXLEN);
@@ -822,7 +822,7 @@ bfa_fcs_fabric_nsymb_init(struct bfa_fcs_fabric_s *fabric)
	bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);

	/* Model name/number */
	strlcpy(port_cfg->node_sym_name.symname, model,
	strscpy(port_cfg->node_sym_name.symname, model,
		BFA_SYMNAME_MAXLEN);
	strlcat(port_cfg->node_sym_name.symname,
			BFA_FCS_PORT_SYMBNAME_SEPARATOR,
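Review bot: The new strscpy() call in bfa_fcs_fabric_psymb_init takes its bound from the macro BFA_SYMNAME_MAXLEN rather than from the destination, unlike the sizeof-based calls elsewhere in this commit. If `symname` is an array member (its declaration is not shown), `strscpy(port_cfg->sym_name.symname, model, sizeof(port_cfg->sym_name.symname));` keeps the bound correct should the field size ever change. The same applies to bfa_fcs_fabric_nsymb_init and to the BFA_SYMNAME_MAXLEN and BFA_VERSION_LEN calls in the hbaattr and portattr hunks. Both functions here extend beyond their hunks.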
+10 −10
@@ -2642,10 +2642,10 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_lport_fdmi_s *fdmi,
	bfa_ioc_get_adapter_fw_ver(&port->fcs->bfa->ioc,
					hba_attr->fw_version);

	strlcpy(hba_attr->driver_version, (char *)driver_info->version,
	strscpy(hba_attr->driver_version, (char *)driver_info->version,
		sizeof(hba_attr->driver_version));

	strlcpy(hba_attr->os_name, driver_info->host_os_name,
	strscpy(hba_attr->os_name, driver_info->host_os_name,
		sizeof(hba_attr->os_name));

	/*
@@ -2663,13 +2663,13 @@ bfa_fcs_fdmi_get_hbaattr(struct bfa_fcs_lport_fdmi_s *fdmi,
	bfa_fcs_fdmi_get_portattr(fdmi, &fcs_port_attr);
	hba_attr->max_ct_pyld = fcs_port_attr.max_frm_size;

	strlcpy(hba_attr->node_sym_name.symname,
	strscpy(hba_attr->node_sym_name.symname,
		port->port_cfg.node_sym_name.symname, BFA_SYMNAME_MAXLEN);
	strcpy(hba_attr->vendor_info, "QLogic");
	hba_attr->num_ports =
		cpu_to_be32(bfa_ioc_get_nports(&port->fcs->bfa->ioc));
	hba_attr->fabric_name = port->fabric->lps->pr_nwwn;
	strlcpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN);
	strscpy(hba_attr->bios_ver, hba_attr->option_rom_ver, BFA_VERSION_LEN);

}

@@ -2736,19 +2736,19 @@ bfa_fcs_fdmi_get_portattr(struct bfa_fcs_lport_fdmi_s *fdmi,
	/*
	 * OS device Name
	 */
	strlcpy(port_attr->os_device_name, driver_info->os_device_name,
	strscpy(port_attr->os_device_name, driver_info->os_device_name,
		sizeof(port_attr->os_device_name));

	/*
	 * Host name
	 */
	strlcpy(port_attr->host_name, driver_info->host_machine_name,
	strscpy(port_attr->host_name, driver_info->host_machine_name,
		sizeof(port_attr->host_name));

	port_attr->node_name = bfa_fcs_lport_get_nwwn(port);
	port_attr->port_name = bfa_fcs_lport_get_pwwn(port);

	strlcpy(port_attr->port_sym_name.symname,
	strscpy(port_attr->port_sym_name.symname,
		bfa_fcs_lport_get_psym_name(port).symname, BFA_SYMNAME_MAXLEN);
	bfa_fcs_lport_get_attr(port, &lport_attr);
	port_attr->port_type = cpu_to_be32(lport_attr.port_type);
@@ -3229,7 +3229,7 @@ bfa_fcs_lport_ms_gmal_response(void *fcsarg, struct bfa_fcxp_s *fcxp,
					rsp_str[gmal_entry->len-1] = 0;

				/* copy IP Address to fabric */
				strlcpy(bfa_fcs_lport_get_fabric_ipaddr(port),
				strscpy(bfa_fcs_lport_get_fabric_ipaddr(port),
					gmal_entry->ip_addr,
					BFA_FCS_FABRIC_IPADDR_SZ);
				break;
@@ -4667,7 +4667,7 @@ bfa_fcs_lport_ns_send_rspn_id(void *ns_cbarg, struct bfa_fcxp_s *fcxp_alloced)
		 * to that of the base port.
		 */

		strlcpy(symbl,
		strscpy(symbl,
			(char *)&(bfa_fcs_lport_get_psym_name
			 (bfa_fcs_get_base_port(port->fcs))),
			sizeof(symbl));
@@ -5194,7 +5194,7 @@ bfa_fcs_lport_ns_util_send_rspn_id(void *cbarg, struct bfa_fcxp_s *fcxp_alloced)
		 * For Vports, we append the vport's port symbolic name
		 * to that of the base port.
		 */
		strlcpy(symbl, (char *)&(bfa_fcs_lport_get_psym_name
		strscpy(symbl, (char *)&(bfa_fcs_lport_get_psym_name
			(bfa_fcs_get_base_port(port->fcs))),
			sizeof(symbl));
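Review bot: In bfa_fcs_lport_ms_gmal_response the source `gmal_entry->ip_addr` appears to come from a received response, and the result of strscpy() is discarded, so an address longer than BFA_FCS_FABRIC_IPADDR_SZ - 1 bytes is stored truncated without any indication. strscpy() returns -E2BIG in that case. Checking it, e.g. `if (strscpy(dst, gmal_entry->ip_addr, BFA_FCS_FABRIC_IPADDR_SZ) < 0)` with `dst` standing for the existing destination expression, lets the handler clear the stored address or log the event instead of keeping a partial value. The bounded read also only helps if the ip_addr field is at least that many bytes or is NUL-terminated, which is not visible here. The function body continues outside the hunk.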

+1 −1
@@ -2788,7 +2788,7 @@ void
bfa_ioc_get_adapter_manufacturer(struct bfa_ioc_s *ioc, char *manufacturer)
{
	memset((void *)manufacturer, 0, BFA_ADAPTER_MFG_NAME_LEN);
	strlcpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN);
	strscpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN);
}

void
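Review bot: The memset() followed by strscpy() in bfa_ioc_get_adapter_manufacturer can be a single call, since strscpy_pad() copies with the same bound and zero-fills the rest of the destination: `strscpy_pad(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN);`. The function receives only a `char *`, so the bound rests entirely on the caller. A short comment above it stating that `manufacturer` must point to at least BFA_ADAPTER_MFG_NAME_LEN bytes would document that requirement.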
+1 −1
@@ -330,7 +330,7 @@ bfa_plog_str(struct bfa_plog_s *plog, enum bfa_plog_mid mid,
		lp.eid = event;
		lp.log_type = BFA_PL_LOG_TYPE_STRING;
		lp.misc = misc;
		strlcpy(lp.log_entry.string_log, log_str,
		strscpy(lp.log_entry.string_log, log_str,
			BFA_PL_STRING_LOG_SZ);
		lp.log_entry.string_log[BFA_PL_STRING_LOG_SZ - 1] = '\0';
		bfa_plog_add(plog, &lp);
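Review bot: The explicit `lp.log_entry.string_log[BFA_PL_STRING_LOG_SZ - 1] = '\0';` after the new strscpy() call in bfa_plog_str is redundant, because strscpy() always NUL-terminates the destination when the size is non-zero; the line can be dropped. That relies on string_log being at least BFA_PL_STRING_LOG_SZ bytes, which the hunk does not show. Passing `sizeof(lp.log_entry.string_log)` as the bound would tie it to the declaration. bfa_plog_str starts and ends outside the hunk.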