Message ID | 20210528181337.792268-2-keescook@chromium.org (mailing list archive) |
---|---|
State | Changes Requested |
Series | scsi: Fix a handful of memcpy() field overflows | expand |
On Fri, 2021-05-28 at 11:13 -0700, Kees Cook wrote: > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memcpy() using memcpy() with an inline const > buffer and instead just statically initialize the destination array > directly. [] > diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c [] > @@ -293,7 +293,7 @@ static int fcoe_interface_setup(struct fcoe_interface *fcoe, > struct fcoe_ctlr *fip = fcoe_to_ctlr(fcoe); > struct netdev_hw_addr *ha; > struct net_device *real_dev; > - u8 flogi_maddr[ETH_ALEN]; > + u8 flogi_maddr[ETH_ALEN] = FC_FCOE_FLOGI_MAC; static const > @@ -442,7 +441,7 @@ static void fcoe_interface_remove(struct fcoe_interface *fcoe) > { > struct net_device *netdev = fcoe->netdev; > struct fcoe_ctlr *fip = fcoe_to_ctlr(fcoe); > - u8 flogi_maddr[ETH_ALEN]; > + u8 flogi_maddr[ETH_ALEN] = FC_FCOE_FLOGI_MAC; etc...
On Fri, May 28, 2021 at 11:28:59AM -0700, Joe Perches wrote: > On Fri, 2021-05-28 at 11:13 -0700, Kees Cook wrote: > > In preparation for FORTIFY_SOURCE performing compile-time and run-time > > field bounds checking for memcpy() using memcpy() with an inline const > > buffer and instead just statically initialize the destination array > > directly. > [] > > diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c > [] > > @@ -293,7 +293,7 @@ static int fcoe_interface_setup(struct fcoe_interface *fcoe, > > struct fcoe_ctlr *fip = fcoe_to_ctlr(fcoe); > > struct netdev_hw_addr *ha; > > struct net_device *real_dev; > > - u8 flogi_maddr[ETH_ALEN]; > > + u8 flogi_maddr[ETH_ALEN] = FC_FCOE_FLOGI_MAC; > > static const > > > @@ -442,7 +441,7 @@ static void fcoe_interface_remove(struct fcoe_interface *fcoe) > > { > > struct net_device *netdev = fcoe->netdev; > > struct fcoe_ctlr *fip = fcoe_to_ctlr(fcoe); > > - u8 flogi_maddr[ETH_ALEN]; > > + u8 flogi_maddr[ETH_ALEN] = FC_FCOE_FLOGI_MAC; > > etc... Hm, good point.
diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c
index 89ec735929c3..8991990e6639 100644
--- a/drivers/scsi/fcoe/fcoe.c
+++ b/drivers/scsi/fcoe/fcoe.c
@@ -293,7 +293,7 @@ static int fcoe_interface_setup(struct fcoe_interface *fcoe,
  struct fcoe_ctlr *fip = fcoe_to_ctlr(fcoe);
  struct netdev_hw_addr *ha;
  struct net_device *real_dev;
- u8 flogi_maddr[ETH_ALEN];
+ u8 flogi_maddr[ETH_ALEN] = FC_FCOE_FLOGI_MAC;
  const struct net_device_ops *ops;
 
  fcoe->netdev = netdev;
@@ -336,7 +336,6 @@ static int fcoe_interface_setup(struct fcoe_interface *fcoe,
  * or enter promiscuous mode if not capable of listening
  * for multiple unicast MACs.
  */
- memcpy(flogi_maddr, (u8[6]) FC_FCOE_FLOGI_MAC, ETH_ALEN);
  dev_uc_add(netdev, flogi_maddr);
  if (fip->spma)
  dev_uc_add(netdev, fip->ctl_src_addr);
@@ -442,7 +441,7 @@ static void fcoe_interface_remove(struct fcoe_interface *fcoe)
  {
  struct net_device *netdev = fcoe->netdev;
  struct fcoe_ctlr *fip = fcoe_to_ctlr(fcoe);
- u8 flogi_maddr[ETH_ALEN];
+ u8 flogi_maddr[ETH_ALEN] = FC_FCOE_FLOGI_MAC;
  const struct net_device_ops *ops;
 
  /*
@@ -458,7 +457,6 @@ static void fcoe_interface_remove(struct fcoe_interface *fcoe)
  synchronize_net();
 
  /* Delete secondary MAC addresses */
- memcpy(flogi_maddr, (u8[6]) FC_FCOE_FLOGI_MAC, ETH_ALEN);
  dev_uc_del(netdev, flogi_maddr);
  if (fip->spma)
  dev_uc_del(netdev, fip->ctl_src_addr);
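Review bot: The new declaration `u8 flogi_maddr[ETH_ALEN] = FC_FCOE_FLOGI_MAC;` in the first hunk (fcoe_interface_setup) no longer states the length of the source anywhere. The removed memcpy() spelled it out as `(u8[6])`, whereas an initializer list shorter than ETH_ALEN is zero-padded without any diagnostic. Assuming the macro expands to a brace-enclosed byte list, as the old compound-literal usage suggests, a build-time check after the declarations such as `BUILD_BUG_ON(sizeof((u8[])FC_FCOE_FLOGI_MAC) != ETH_ALEN);` would keep the size coupling explicit for the next person who touches the macro. The same declaration change appears in fcoe_interface_remove (third hunk); both function bodies continue outside the hunks shown.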
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), avoid using memcpy() with an inline const buffer and instead just statically initialize the destination array directly. Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/scsi/fcoe/fcoe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)