Hi,
Another code pattern using the gloriously ambiguous strncpy() function was
turning maybe not-NUL-terminated character arrays into NUL-terminated
strings. In these cases, when strncpy() is replaced with strscpy()
it creates a situation where if the non-terminated string takes up the
entire character array (i.e. it is not terminated) run-time warnings
from CONFIG_FORTIFY_SOURCE will trip, since strscpy() was expecting to
find a NUL-terminated source but checking for the NUL would walk off
the end of the source buffer.
In doing an instrumented build of the kernel to find these cases, it
seems it was almost entirely a code pattern used in the SCSI subsystem,
so the creation of the new helper, memtostr(), can land via the SCSI
tree. And, as it turns out, inappropriate conversions have been happening
for several years now, some of which even moved through strlcpy() first
(and were never noticed either).
This series fixes all 4 of the instances I could find in the SCSI
subsystem.
Thanks,
-Kees
Kees Cook (5):
string.h: Introduce memtostr() and memtostr_pad()
scsi: mptfusion: Avoid possible run-time warning with long
manufacturer strings
scsi: mpt3sas: Avoid possible run-time warning with long manufacturer
strings
scsi: mpi3mr: Avoid possible run-time warning with long manufacturer
strings
scsi: qla2xxx: Avoid possible run-time warning with long model_num
drivers/message/fusion/mptsas.c | 14 +++----
drivers/scsi/mpi3mr/mpi3mr_transport.c | 14 +++----
drivers/scsi/mpt3sas/mpt3sas_base.c | 2 +-
drivers/scsi/mpt3sas/mpt3sas_transport.c | 14 +++----
drivers/scsi/qla2xxx/qla_mr.c | 6 +--
include/linux/string.h | 49 ++++++++++++++++++++++++
lib/strscpy_kunit.c | 26 +++++++++++++
7 files changed, 93 insertions(+), 32 deletions(-)
--
2.34.1
