Commit 45e833f0 authored by Justin Stitt's avatar Justin Stitt Committed by Martin K. Petersen

scsi: message: fusion: Replace deprecated strncpy() with strscpy()

strncpy() is deprecated for use on NUL-terminated destination strings [1]
and as such we should prefer more robust and less ambiguous string
interfaces.

The only caller of mptsas_exp_repmanufacture_info() is
mptsas_probe_one_phy() which can allocate rphy in either
sas_end_device_alloc() or sas_expander_alloc(). Both of which
zero-allocate:

|       rdev = kzalloc(sizeof(*rdev), GFP_KERNEL);

... this is supplied to mptsas_exp_repmanufacture_info() as edev meaning
that no future NUL-padding of edev members is needed.

Considering the above, a suitable replacement is strscpy() [2] due to the
fact that it guarantees NUL-termination on the destination buffer without
unnecessarily NUL-padding.

Also use the more idiomatic strscpy() pattern of (dest, src, sizeof(dest)).

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: default avatarJustin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20231003-strncpy-drivers-message-fusion-mptsas-c-v2-1-5ce07e60bd21@google.comReviewed-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent 4280a0a7
...@@ -2964,17 +2964,17 @@ mptsas_exp_repmanufacture_info(MPT_ADAPTER *ioc, ...@@ -2964,17 +2964,17 @@ mptsas_exp_repmanufacture_info(MPT_ADAPTER *ioc,
goto out_free; goto out_free;
manufacture_reply = data_out + sizeof(struct rep_manu_request); manufacture_reply = data_out + sizeof(struct rep_manu_request);
strncpy(edev->vendor_id, manufacture_reply->vendor_id, strscpy(edev->vendor_id, manufacture_reply->vendor_id,
SAS_EXPANDER_VENDOR_ID_LEN); sizeof(edev->vendor_id));
strncpy(edev->product_id, manufacture_reply->product_id, strscpy(edev->product_id, manufacture_reply->product_id,
SAS_EXPANDER_PRODUCT_ID_LEN); sizeof(edev->product_id));
strncpy(edev->product_rev, manufacture_reply->product_rev, strscpy(edev->product_rev, manufacture_reply->product_rev,
SAS_EXPANDER_PRODUCT_REV_LEN); sizeof(edev->product_rev));
edev->level = manufacture_reply->sas_format; edev->level = manufacture_reply->sas_format;
if (manufacture_reply->sas_format) { if (manufacture_reply->sas_format) {
strncpy(edev->component_vendor_id, strscpy(edev->component_vendor_id,
manufacture_reply->component_vendor_id, manufacture_reply->component_vendor_id,
SAS_EXPANDER_COMPONENT_VENDOR_ID_LEN); sizeof(edev->component_vendor_id));
tmp = (u8 *)&manufacture_reply->component_id; tmp = (u8 *)&manufacture_reply->component_id;
edev->component_id = tmp[0] << 8 | tmp[1]; edev->component_id = tmp[0] << 8 | tmp[1];
edev->component_revision_id = edev->component_revision_id =
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment