Date: Mon, 21 Nov 2022 13:29:03 +0300 Subject: [PATCH] scsi:bfa: Eliminated buffer overflow Buffer 'cmd->adapter_hwpath' of size 32 accessed at bfad_bsg.c:101:103 can overflow, since its index 'i' can have value 32 that is out of range. Signed-off-by: Denis Arefev <arefev@xxxxxxxxx> --- drivers/scsi/bfa/bfad_bsg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c index be8dfbe13e90..78615ffc62ef 100644 --- a/drivers/scsi/bfa/bfad_bsg.c +++ b/drivers/scsi/bfa/bfad_bsg.c @@ -98,9 +98,9 @@ bfad_iocmd_ioc_get_info(struct bfad_s *bfad, void *cmd) /* set adapter hw path */ strcpy(iocmd->adapter_hwpath, bfad->pci_name); - for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32; i++) + for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32-2; i++) ; - for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32; ) + for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32-1; ) ; iocmd->adapter_hwpath[i] = '\0'; iocmd->status = BFA_STATUS_OK; -- 2.25.1