Message ID | 20180903131558.21cdeb35@canb.auug.org.au (mailing list archive) |
---|---|
State | New, archived |
Series | fs/cifs: suppress a string overflow warning |
Merged into cifs-2.6.git for-next Is the message annoying enough on powerpc to merit going into 4.19-rc3, presumably should wait for 4.20? On Sun, Sep 2, 2018 at 10:24 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote: > > A powerpc build of cifs with gcc v8.2.0 produces this warning: > > fs/cifs/cifssmb.c: In function ‘CIFSSMBNegotiate’: > fs/cifs/cifssmb.c:605:3: warning: ‘strncpy’ writing 16 bytes into a region of size 1 overflows the destination [-Wstringop-overflow=] > strncpy(pSMB->DialectsArray+count, protocols[i].name, 16); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Since we are already doing a strlen() on the source, change the strncpy > to a memcpy(). > > Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> > --- > fs/cifs/cifssmb.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c > index dc2f4cf08fe9..dcf939cb9d2f 100644 > --- a/fs/cifs/cifssmb.c > +++ b/fs/cifs/cifssmb.c > @@ -601,10 +601,14 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) > } > > count = 0; > + /* > + * We know that all the name entries in the protocols array > + * are short (< 16 bytes anyway) and are NUL terminated. > + */ > for (i = 0; i < CIFS_NUM_PROT; i++) { > - strncpy(pSMB->DialectsArray+count, protocols[i].name, 16); > - count += strlen(protocols[i].name) + 1; > - /* null at end of source and target buffers anyway */ > + size_t len = strlen(protocols[i].name) + 1; > + memcpy(pSMB->DialectsArray+count, protocols[i].name, len); > + count += len; > } > inc_rfc1001_len(pSMB, count); > pSMB->ByteCount = cpu_to_le16(count); > -- > 2.19.0.rc1 > > -- > Cheers, > Stephen Rothwell
Hi Steve,

On Mon, 3 Sep 2018 09:44:17 -0500 Steve French <smfrench@gmail.com> wrote:
>
> Merged into cifs-2.6.git for-next
>
> Is the message annoying enough on powerpc to merit going into
> 4.19-rc3, presumably should wait for 4.20?

Up to you, but 4.20 is probably fine.
ok - it looks like it will be a little simpler if I wait

On Mon, Sep 3, 2018 at 8:22 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi Steve,
>
> On Mon, 3 Sep 2018 09:44:17 -0500 Steve French <smfrench@gmail.com> wrote:
> >
> > Merged into cifs-2.6.git for-next
> >
> > Is the message annoying enough on powerpc to merit going into
> > 4.19-rc3, presumably should wait for 4.20?
>
> Up to you, but 4.20 is probably fine.
>
> --
> Cheers,
> Stephen Rothwell
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index dc2f4cf08fe9..dcf939cb9d2f 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -601,10 +601,14 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) } count = 0; + /* + * We know that all the name entries in the protocols array + * are short (< 16 bytes anyway) and are NUL terminated. + */ for (i = 0; i < CIFS_NUM_PROT; i++) { - strncpy(pSMB->DialectsArray+count, protocols[i].name, 16); - count += strlen(protocols[i].name) + 1; - /* null at end of source and target buffers anyway */ + size_t len = strlen(protocols[i].name) + 1; + memcpy(pSMB->DialectsArray+count, protocols[i].name, len); + count += len; } inc_rfc1001_len(pSMB, count); pSMB->ByteCount = cpu_to_le16(count);
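Review bot: The memcpy() in the loop copies strlen(protocols[i].name) + 1 bytes with no upper bound, whereas the removed strncpy() capped each entry at 16, so the safety of the write now rests entirely on the new comment about the protocols array. Consider enforcing that assumption instead of only documenting it, for example a compile-time size check on the name field or a guard that rejects len > 16, and a check that count + len stays within the space actually available behind pSMB->DialectsArray. The quoted warning shows the compiler sees that destination as a region of size 1, so after this change nothing in the build will flag a name that grows past what the request buffer can hold.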
A powerpc build of cifs with gcc v8.2.0 produces this warning:

fs/cifs/cifssmb.c: In function ‘CIFSSMBNegotiate’:
fs/cifs/cifssmb.c:605:3: warning: ‘strncpy’ writing 16 bytes into a region of size 1 overflows the destination [-Wstringop-overflow=]
   strncpy(pSMB->DialectsArray+count, protocols[i].name, 16);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Since we are already doing a strlen() on the source, change the strncpy
to a memcpy().

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---
 fs/cifs/cifssmb.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)