Re: [PATCH] ch: Do not read past the end of vendor_labels[]

On Mon, Jun 29, 2020 at 9:26 PM Bart Van Assche <bvanassche@xxxxxxx> wrote:
> On 2020-06-29 11:33, Arnd Bergmann wrote:
> > On Mon, Jun 29, 2020 at 6:11 PM Bart Van Assche <bvanassche@xxxxxxx> wrote:
> >> diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c
> >> index b81b397366db..b675a01380eb 100644
> >> --- a/drivers/scsi/ch.c
> >> +++ b/drivers/scsi/ch.c
> >> @@ -651,19 +651,23 @@ static long ch_ioctl(struct file *file,
> >>                 memset(&vparams,0,sizeof(vparams));
> >>                 if (ch->counts[CHET_V1]) {
> >>                         vparams.cvp_n1  = ch->counts[CHET_V1];
> >> -                       memcpy(vparams.cvp_label1,vendor_labels[0],16);
> >> +                       strncpy(vparams.cvp_label1, vendor_labels[0],
> >> +                               ARRAY_SIZE(vparams.cvp_label1));
> >>                 }
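Review bot: the `-` line of this hunk shows `memcpy(vparams.cvp_label1,vendor_labels[0],16);` as the baseline, but the reply below points out that the tree already carries `strncpy(vparams.cvp_label1,vendor_labels[0],16);` at this spot, so the hunk will not apply against mainline; rebase it, or state the tree it was generated against. On the `+` lines, strncpy() bounded by ARRAY_SIZE(vparams.cvp_label1) fills the whole field and leaves no terminating NUL when the label is at least that long; the memset(&vparams,0,...) just above only guarantees a zero tail for shorter labels, so the commit message should say that cvp_label1 is a fixed-width field rather than a C string.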
> >
> > Against which tree is this? I see in mainline the correct
> >
> >       strncpy(vparams.cvp_label1,vendor_labels[0],16);
> >
> > rather than the broken memcpy. If this was changed recently to the
> > broken version, maybe send a revert, or add a "Fixes" tag?
>
> Hi Arnd,
>
> Thanks for having taken a look. This patch applies to Martin's for-next
> branch. The most recent ch patch I found in Linus' master branch is "ch:
> remove ch_mutex()" from February 2020. I haven't found any more recent
> ch patches in the linux-next/master branch either. Have I perhaps been
> looking at the wrong repository or the wrong branch?

That is the right branch, and I don't see any later changes to the file
after Feb 2020 in there or in mainline either, but I also clearly see it
using strncpy(). See also:

https://elixir.bootlin.com/linux/v5.8-rc3/source/drivers/scsi/ch.c#L647

I think there were some patches under discussion about replacing
a lot of strncpy() calls with the more intuitive memcpy(), strlcpy()
or strscpy() alternatives, but in this case strncpy() is in fact the
correct one (as you also concluded) and I don't see any patches to
this file getting applied to that effect.

       Arnd
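As an added illustration of the point made in this thread (this is not code from the thread or from the kernel), the block below contrasts the two copies with a constructed vendor_labels[] of short string literals: strncpy() bounded by the 16-byte field stops at the source's NUL and zero-fills the rest, so it never reads past the literal, whereas a fixed memcpy(..., 16) reads beyond it. It also shows the strncpy() caveat that a label filling the whole field gets no terminating NUL; LABEL_LEN and the helper names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define LABEL_LEN 16   /* assumed width of the cvp_label fields */

/* Constructed stand-in for the kernel's vendor_labels[]: short
 * literals, each shorter than LABEL_LEN bytes. */
static const char *const vendor_labels[] = {
    "vendor 1", "vendor 2", "vendor 3", "vendor 4",
};

/* Copy a label into a fixed-width field the way the patch does:
 * strncpy() stops at the source NUL and zero-fills the remainder,
 * so it reads at most strlen(src) + 1 bytes of the source. */
static void copy_label_fixed(char dst[LABEL_LEN], const char *src)
{
    strncpy(dst, src, LABEL_LEN);
}

/* memcpy(dst, src, LABEL_LEN) is only in bounds when the source owns
 * LABEL_LEN bytes; return how many bytes past the literal (including
 * its NUL) such a copy would read, 0 if none. */
static size_t memcpy_overread(const char *src)
{
    size_t owned = strlen(src) + 1;
    return owned >= LABEL_LEN ? 0 : LABEL_LEN - owned;
}

/* Number of zero bytes at the tail of the field after copy_label_fixed();
 * 0 means the label filled the field and there is no terminating NUL. */
static size_t padding_after_copy(const char *src)
{
    char field[LABEL_LEN];
    size_t z = 0;

    copy_label_fixed(field, src);
    for (size_t i = LABEL_LEN; i > 0 && field[i - 1] == '\0'; i--)
        z++;
    return z;
}

int main(void)
{
    for (size_t i = 0; i < sizeof(vendor_labels) / sizeof(vendor_labels[0]); i++)
        printf("%-10s zero padding=%2zu  memcpy over-read=%2zu bytes\n",
               vendor_labels[i], padding_after_copy(vendor_labels[i]),
               memcpy_overread(vendor_labels[i]));
    printf("%-10s zero padding=%2zu (no NUL terminator)\n",
           "16-byte label", padding_after_copy("0123456789abcdef"));
    return 0;
}
```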



