On Fri, Dec 31, 2021 at 09:55:00AM -0500, James Bottomley wrote:
> On Tue, 2021-12-14 at 10:05 +0300, Dan Carpenter wrote:
> > The "mybuf" string comes from the user, so we need to ensure that it
> > is NUL terminated.
> >
> > Fixes: bd2cdd5e400f ("scsi: lpfc: NVME Initiator: Add debugfs
> > support")
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > ---
> > drivers/scsi/lpfc/lpfc_debugfs.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c
> > b/drivers/scsi/lpfc/lpfc_debugfs.c
> > index 21152c9a96ef..30fac2f6fb06 100644
> > --- a/drivers/scsi/lpfc/lpfc_debugfs.c
> > +++ b/drivers/scsi/lpfc/lpfc_debugfs.c
> > @@ -2954,8 +2954,8 @@ lpfc_debugfs_nvmeio_trc_write(struct file
> > *file, const char __user *buf,
> > char mybuf[64];
> > char *pbuf;
> >
> > - if (nbytes > 64)
> > - nbytes = 64;
> > + if (nbytes > 63)
> > + nbytes = 63;
>
> Just for future reference, next time could we do
>
> if (nbytes > sizeof(mybuf) - 1)
> nbytes = sizeof(mybuf) - 1;
>
> just so we minimize the possibility of screw ups in the unlikely event
> that someone reduces the size of the mybuf array?
Yeah. Good point. Will do that next time.
regards,
dan carpenter
