Commit 60d645a4 authored by Dan Carpenter's avatar Dan Carpenter Committed by Nicholas Bellinger

target: Fix incorrect strlen() NULL terminator checks

This patch fixes a number of cases in target core that use an incorrect check of the form:

	if (strlen(foo) > SOME_MAX_SIZE)

As strlen() returns the number of characters in the string not counting
the NULL character at the end.  So if you do something like:

        char buf[10];

        if (strlen("0123456789") > 10)
                return -ETOOLONG;
        snprintf(buf, 10, "0123456789");
        printf("%s\n", buf);

then the last "9" gets chopped off and only "012345678" is printed.

Plus I threw in one small related cleanup.
Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent 5eff5be0
...@@ -1143,7 +1143,7 @@ static ssize_t tcm_loop_tpg_store_nexus( ...@@ -1143,7 +1143,7 @@ static ssize_t tcm_loop_tpg_store_nexus(
* the fabric protocol_id set in tcm_loop_make_scsi_hba(), and call * the fabric protocol_id set in tcm_loop_make_scsi_hba(), and call
* tcm_loop_make_nexus() * tcm_loop_make_nexus()
*/ */
if (strlen(page) > TL_WWN_ADDR_LEN) { if (strlen(page) >= TL_WWN_ADDR_LEN) {
printk(KERN_ERR "Emulated NAA Sas Address: %s, exceeds" printk(KERN_ERR "Emulated NAA Sas Address: %s, exceeds"
" max: %d\n", page, TL_WWN_ADDR_LEN); " max: %d\n", page, TL_WWN_ADDR_LEN);
return -EINVAL; return -EINVAL;
...@@ -1324,7 +1324,7 @@ struct se_wwn *tcm_loop_make_scsi_hba( ...@@ -1324,7 +1324,7 @@ struct se_wwn *tcm_loop_make_scsi_hba(
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
check_len: check_len:
if (strlen(name) > TL_WWN_ADDR_LEN) { if (strlen(name) >= TL_WWN_ADDR_LEN) {
printk(KERN_ERR "Emulated NAA %s Address: %s, exceeds" printk(KERN_ERR "Emulated NAA %s Address: %s, exceeds"
" max: %d\n", name, tcm_loop_dump_proto_id(tl_hba), " max: %d\n", name, tcm_loop_dump_proto_id(tl_hba),
TL_WWN_ADDR_LEN); TL_WWN_ADDR_LEN);
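Review bot: The printk in the `check_len:` branch of tcm_loop_make_scsi_hba() passes its arguments in the opposite order to its format string: `"Emulated NAA %s Address: %s, exceeds"` reads as protocol then address, but the call passes `name` first and `tcm_loop_dump_proto_id(tl_hba)` second. Assuming tcm_loop_dump_proto_id() returns the protocol name, the arguments should be swapped to `tcm_loop_dump_proto_id(tl_hba), name,`. Both messages in this file also print `TL_WWN_ADDR_LEN` as the "max", although with `>=` the longest accepted string is one character shorter; printing `TL_WWN_ADDR_LEN - 1` would keep the log accurate. Both function bodies continue outside the hunks.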
......
...@@ -304,7 +304,7 @@ struct target_fabric_configfs *target_fabric_configfs_init( ...@@ -304,7 +304,7 @@ struct target_fabric_configfs *target_fabric_configfs_init(
printk(KERN_ERR "Unable to locate passed fabric name\n"); printk(KERN_ERR "Unable to locate passed fabric name\n");
return NULL; return NULL;
} }
if (strlen(name) > TARGET_FABRIC_NAME_SIZE) { if (strlen(name) >= TARGET_FABRIC_NAME_SIZE) {
printk(KERN_ERR "Passed name: %s exceeds TARGET_FABRIC" printk(KERN_ERR "Passed name: %s exceeds TARGET_FABRIC"
"_NAME_SIZE\n", name); "_NAME_SIZE\n", name);
return NULL; return NULL;
...@@ -851,7 +851,7 @@ static ssize_t target_core_dev_wwn_store_attr_vpd_unit_serial( ...@@ -851,7 +851,7 @@ static ssize_t target_core_dev_wwn_store_attr_vpd_unit_serial(
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
if ((strlen(page) + 1) > INQUIRY_VPD_SERIAL_LEN) { if (strlen(page) >= INQUIRY_VPD_SERIAL_LEN) {
printk(KERN_ERR "Emulated VPD Unit Serial exceeds" printk(KERN_ERR "Emulated VPD Unit Serial exceeds"
" INQUIRY_VPD_SERIAL_LEN: %d\n", INQUIRY_VPD_SERIAL_LEN); " INQUIRY_VPD_SERIAL_LEN: %d\n", INQUIRY_VPD_SERIAL_LEN);
return -EOVERFLOW; return -EOVERFLOW;
...@@ -917,7 +917,7 @@ static ssize_t target_core_dev_wwn_show_attr_vpd_protocol_identifier( ...@@ -917,7 +917,7 @@ static ssize_t target_core_dev_wwn_show_attr_vpd_protocol_identifier(
transport_dump_vpd_proto_id(vpd, buf, VPD_TMP_BUF_SIZE); transport_dump_vpd_proto_id(vpd, buf, VPD_TMP_BUF_SIZE);
if ((len + strlen(buf) > PAGE_SIZE)) if ((len + strlen(buf) >= PAGE_SIZE))
break; break;
len += sprintf(page+len, "%s", buf); len += sprintf(page+len, "%s", buf);
...@@ -962,19 +962,19 @@ static ssize_t target_core_dev_wwn_show_attr_##_name( \ ...@@ -962,19 +962,19 @@ static ssize_t target_core_dev_wwn_show_attr_##_name( \
\ \
memset(buf, 0, VPD_TMP_BUF_SIZE); \ memset(buf, 0, VPD_TMP_BUF_SIZE); \
transport_dump_vpd_assoc(vpd, buf, VPD_TMP_BUF_SIZE); \ transport_dump_vpd_assoc(vpd, buf, VPD_TMP_BUF_SIZE); \
if ((len + strlen(buf) > PAGE_SIZE)) \ if ((len + strlen(buf) >= PAGE_SIZE)) \
break; \ break; \
len += sprintf(page+len, "%s", buf); \ len += sprintf(page+len, "%s", buf); \
\ \
memset(buf, 0, VPD_TMP_BUF_SIZE); \ memset(buf, 0, VPD_TMP_BUF_SIZE); \
transport_dump_vpd_ident_type(vpd, buf, VPD_TMP_BUF_SIZE); \ transport_dump_vpd_ident_type(vpd, buf, VPD_TMP_BUF_SIZE); \
if ((len + strlen(buf) > PAGE_SIZE)) \ if ((len + strlen(buf) >= PAGE_SIZE)) \
break; \ break; \
len += sprintf(page+len, "%s", buf); \ len += sprintf(page+len, "%s", buf); \
\ \
memset(buf, 0, VPD_TMP_BUF_SIZE); \ memset(buf, 0, VPD_TMP_BUF_SIZE); \
transport_dump_vpd_ident(vpd, buf, VPD_TMP_BUF_SIZE); \ transport_dump_vpd_ident(vpd, buf, VPD_TMP_BUF_SIZE); \
if ((len + strlen(buf) > PAGE_SIZE)) \ if ((len + strlen(buf) >= PAGE_SIZE)) \
break; \ break; \
len += sprintf(page+len, "%s", buf); \ len += sprintf(page+len, "%s", buf); \
} \ } \
...@@ -1299,7 +1299,7 @@ static ssize_t target_core_dev_pr_show_attr_res_pr_registered_i_pts( ...@@ -1299,7 +1299,7 @@ static ssize_t target_core_dev_pr_show_attr_res_pr_registered_i_pts(
&i_buf[0] : "", pr_reg->pr_res_key, &i_buf[0] : "", pr_reg->pr_res_key,
pr_reg->pr_res_generation); pr_reg->pr_res_generation);
if ((len + strlen(buf) > PAGE_SIZE)) if ((len + strlen(buf) >= PAGE_SIZE))
break; break;
len += sprintf(page+len, "%s", buf); len += sprintf(page+len, "%s", buf);
...@@ -1496,7 +1496,7 @@ static ssize_t target_core_dev_pr_store_attr_res_aptpl_metadata( ...@@ -1496,7 +1496,7 @@ static ssize_t target_core_dev_pr_store_attr_res_aptpl_metadata(
ret = -ENOMEM; ret = -ENOMEM;
goto out; goto out;
} }
if (strlen(i_port) > PR_APTPL_MAX_IPORT_LEN) { if (strlen(i_port) >= PR_APTPL_MAX_IPORT_LEN) {
printk(KERN_ERR "APTPL metadata initiator_node=" printk(KERN_ERR "APTPL metadata initiator_node="
" exceeds PR_APTPL_MAX_IPORT_LEN: %d\n", " exceeds PR_APTPL_MAX_IPORT_LEN: %d\n",
PR_APTPL_MAX_IPORT_LEN); PR_APTPL_MAX_IPORT_LEN);
...@@ -1510,7 +1510,7 @@ static ssize_t target_core_dev_pr_store_attr_res_aptpl_metadata( ...@@ -1510,7 +1510,7 @@ static ssize_t target_core_dev_pr_store_attr_res_aptpl_metadata(
ret = -ENOMEM; ret = -ENOMEM;
goto out; goto out;
} }
if (strlen(isid) > PR_REG_ISID_LEN) { if (strlen(isid) >= PR_REG_ISID_LEN) {
printk(KERN_ERR "APTPL metadata initiator_isid" printk(KERN_ERR "APTPL metadata initiator_isid"
"= exceeds PR_REG_ISID_LEN: %d\n", "= exceeds PR_REG_ISID_LEN: %d\n",
PR_REG_ISID_LEN); PR_REG_ISID_LEN);
...@@ -1571,7 +1571,7 @@ static ssize_t target_core_dev_pr_store_attr_res_aptpl_metadata( ...@@ -1571,7 +1571,7 @@ static ssize_t target_core_dev_pr_store_attr_res_aptpl_metadata(
ret = -ENOMEM; ret = -ENOMEM;
goto out; goto out;
} }
if (strlen(t_port) > PR_APTPL_MAX_TPORT_LEN) { if (strlen(t_port) >= PR_APTPL_MAX_TPORT_LEN) {
printk(KERN_ERR "APTPL metadata target_node=" printk(KERN_ERR "APTPL metadata target_node="
" exceeds PR_APTPL_MAX_TPORT_LEN: %d\n", " exceeds PR_APTPL_MAX_TPORT_LEN: %d\n",
PR_APTPL_MAX_TPORT_LEN); PR_APTPL_MAX_TPORT_LEN);
...@@ -3052,7 +3052,7 @@ static struct config_group *target_core_call_addhbatotarget( ...@@ -3052,7 +3052,7 @@ static struct config_group *target_core_call_addhbatotarget(
int ret; int ret;
memset(buf, 0, TARGET_CORE_NAME_MAX_LEN); memset(buf, 0, TARGET_CORE_NAME_MAX_LEN);
if (strlen(name) > TARGET_CORE_NAME_MAX_LEN) { if (strlen(name) >= TARGET_CORE_NAME_MAX_LEN) {
printk(KERN_ERR "Passed *name strlen(): %d exceeds" printk(KERN_ERR "Passed *name strlen(): %d exceeds"
" TARGET_CORE_NAME_MAX_LEN: %d\n", (int)strlen(name), " TARGET_CORE_NAME_MAX_LEN: %d\n", (int)strlen(name),
TARGET_CORE_NAME_MAX_LEN); TARGET_CORE_NAME_MAX_LEN);
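Review bot: The corrected `len + strlen(buf) >= PAGE_SIZE` checks still guard an unbounded `sprintf(page+len, "%s", buf)`, so the bound and the write are linked only by convention. The pattern appears in the vpd_protocol_identifier hunk, three times in the `target_core_dev_wwn_show_attr_##_name` macro, and in res_pr_registered_i_pts. Keeping the check but writing with `len += scnprintf(page + len, PAGE_SIZE - len, "%s", buf);` would bound the write itself if a later edit gets the comparison wrong again. The doubled parentheses around each condition could be dropped at the same time. The loops containing these lines start outside the hunks.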
......
...@@ -1431,7 +1431,7 @@ struct se_lun_acl *core_dev_init_initiator_node_lun_acl( ...@@ -1431,7 +1431,7 @@ struct se_lun_acl *core_dev_init_initiator_node_lun_acl(
struct se_lun_acl *lacl; struct se_lun_acl *lacl;
struct se_node_acl *nacl; struct se_node_acl *nacl;
if (strlen(initiatorname) > TRANSPORT_IQN_LEN) { if (strlen(initiatorname) >= TRANSPORT_IQN_LEN) {
printk(KERN_ERR "%s InitiatorName exceeds maximum size.\n", printk(KERN_ERR "%s InitiatorName exceeds maximum size.\n",
TPG_TFO(tpg)->get_fabric_name()); TPG_TFO(tpg)->get_fabric_name());
*ret = -EOVERFLOW; *ret = -EOVERFLOW;
......
...@@ -1916,7 +1916,7 @@ static int __core_scsi3_update_aptpl_buf( ...@@ -1916,7 +1916,7 @@ static int __core_scsi3_update_aptpl_buf(
pr_reg->pr_res_mapped_lun); pr_reg->pr_res_mapped_lun);
} }
if ((len + strlen(tmp) > pr_aptpl_buf_len)) { if ((len + strlen(tmp) >= pr_aptpl_buf_len)) {
printk(KERN_ERR "Unable to update renaming" printk(KERN_ERR "Unable to update renaming"
" APTPL metadata\n"); " APTPL metadata\n");
spin_unlock(&T10_RES(su_dev)->registration_lock); spin_unlock(&T10_RES(su_dev)->registration_lock);
...@@ -1934,7 +1934,7 @@ static int __core_scsi3_update_aptpl_buf( ...@@ -1934,7 +1934,7 @@ static int __core_scsi3_update_aptpl_buf(
TPG_TFO(tpg)->tpg_get_tag(tpg), TPG_TFO(tpg)->tpg_get_tag(tpg),
lun->lun_sep->sep_rtpi, lun->unpacked_lun, reg_count); lun->lun_sep->sep_rtpi, lun->unpacked_lun, reg_count);
if ((len + strlen(tmp) > pr_aptpl_buf_len)) { if ((len + strlen(tmp) >= pr_aptpl_buf_len)) {
printk(KERN_ERR "Unable to update renaming" printk(KERN_ERR "Unable to update renaming"
" APTPL metadata\n"); " APTPL metadata\n");
spin_unlock(&T10_RES(su_dev)->registration_lock); spin_unlock(&T10_RES(su_dev)->registration_lock);
...@@ -1986,7 +1986,7 @@ static int __core_scsi3_write_aptpl_to_file( ...@@ -1986,7 +1986,7 @@ static int __core_scsi3_write_aptpl_to_file(
memset(iov, 0, sizeof(struct iovec)); memset(iov, 0, sizeof(struct iovec));
memset(path, 0, 512); memset(path, 0, 512);
if (strlen(&wwn->unit_serial[0]) > 512) { if (strlen(&wwn->unit_serial[0]) >= 512) {
printk(KERN_ERR "WWN value for struct se_device does not fit" printk(KERN_ERR "WWN value for struct se_device does not fit"
" into path buffer\n"); " into path buffer\n");
return -1; return -1;
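Review bot: In __core_scsi3_write_aptpl_to_file() the check `strlen(&wwn->unit_serial[0]) >= 512` repeats the literal from `memset(path, 0, 512)` and bounds only the serial on its own. If `path` is a local array (its declaration is outside the hunk), `sizeof(path)` would tie both lines to the buffer. If the path is built by adding a directory or prefix to the serial, which the error text suggests but the hunk does not show, the comparison must leave room for that prefix as well. The unit serial appears to be set through the vpd_unit_serial configfs store attribute, so it is worth confirming that characters such as `/` are rejected before it becomes part of a file name. In the two __core_scsi3_update_aptpl_buf() hunks, "renaming" in the error message probably means "remaining".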
......