Re: [PATCH 13/20] scsi: zfcp: Manual replacement of the deprecated strlcpy() with return values

Benjamin Block <bblock@xxxxxxxxxxxxx> · Mon, 22 Feb 2021 17:04:29 +0100

On Mon, Feb 22, 2021 at 04:12:24PM +0100, Romain Perier wrote:
> The strlcpy() reads the entire source buffer first, it is dangerous if
> the source buffer lenght is unbounded or possibility non NULL-terminated.
> It can lead to linear read overflows, crashes, etc...
> 
> As recommended in the deprecated interfaces [1], it should be replaced
> by strscpy.
> 
> This commit replaces all calls to strlcpy that handle the return values
> by the corresponding strscpy calls with new handling of the return
> values (as it is quite different between the two functions).
> 
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
> 
> Signed-off-by: Romain Perier <romain.perier@xxxxxxxxx>
> ---
>  drivers/s390/scsi/zfcp_fc.c |    8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/s390/scsi/zfcp_fc.c b/drivers/s390/scsi/zfcp_fc.c
> index d24cafe02708..8a65241011b9 100644
> --- a/drivers/s390/scsi/zfcp_fc.c
> +++ b/drivers/s390/scsi/zfcp_fc.c
> @@ -877,14 +877,16 @@ static void zfcp_fc_rspn(struct zfcp_adapter *adapter,
>  	struct zfcp_fsf_ct_els *ct_els = &fc_req->ct_els;
>  	struct zfcp_fc_rspn_req *rspn_req = &fc_req->u.rspn.req;
>  	struct fc_ct_hdr *rspn_rsp = &fc_req->u.rspn.rsp;
> -	int ret, len;
> +	int ret;
> +	ssize_t len;
>  
>  	zfcp_fc_ct_ns_init(&rspn_req->ct_hdr, FC_NS_RSPN_ID,
>  			   FC_SYMBOLIC_NAME_SIZE);
>  	hton24(rspn_req->rspn.fr_fid.fp_fid, fc_host_port_id(shost));
> -	len = strlcpy(rspn_req->rspn.fr_name, fc_host_symbolic_name(shost),
> +	len = strscpy(rspn_req->rspn.fr_name, fc_host_symbolic_name(shost),
>  		      FC_SYMBOLIC_NAME_SIZE);
> -	rspn_req->rspn.fr_name_len = len;
> +	if (len != -E2BIG)
> +		rspn_req->rspn.fr_name_len = len;

That is a bug. Leaving `rspn.fr_name_len` uninitialized defeats the
purpose of sending a RSPN.

How about:
	if (len == -E2BIG)
		rspn_req->rspn.fr_name_len = FC_SYMBOLIC_NAME_SIZE - 1;
	else
		rspn_req->rspn.fr_name_len = len;

>  
>  	sg_init_one(&fc_req->sg_req, rspn_req, sizeof(*rspn_req));
>  	sg_init_one(&fc_req->sg_rsp, rspn_rsp, sizeof(*rspn_rsp));
> 

-- 
Best Regards, Benjamin Block  / Linux on IBM Z Kernel Development / IBM Systems
IBM Deutschland Research & Development GmbH    /    https://www.ibm.com/privacy
Vorsitz. AufsR.: Gregor Pillen         /        Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen / Registergericht: AmtsG Stuttgart, HRB 243294