From patchwork Mon Nov 21 11:11:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Arefev X-Patchwork-Id: 13056152 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E1A9C43217 for ; Mon, 21 Nov 2022 11:16:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231148AbiKULQk (ORCPT ); Mon, 21 Nov 2022 06:16:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230407AbiKULQU (ORCPT ); Mon, 21 Nov 2022 06:16:20 -0500 Received: from mx.swemel.ru (mx.swemel.ru [95.143.211.150]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF5BCC287E; Mon, 21 Nov 2022 03:11:35 -0800 (PST) From: Denis Arefev DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=swemel.ru; s=mail; t=1669029064; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=/EgY2lXCAdAF7z2NAmaypvnrmSLjUVovTOiSsKJSrC4=; b=mrCHEs3LP4MiDp0HC7rR5o7PSz4Lyw/+K937QFY9hwoliOXZZU+B77+qFTxW/KOALmNICq HZrN9qokGljlUTPg6PfBqMxjQG5KflbSyKzvcz/8oS+G0Jg6sBb7s7vydcUKH27vIEOGWj QxGwY+0unt7q36VMC06COYt5syj09wU= To: Anil Gurumurthy Cc: Sudarsana Kalluru , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, trufanov@swemel.ru, vfh@swemel.ru Subject: Date: Mon, 21 Nov 2022 14:11:04 +0300 Message-Id: <20221121111104.7186-1-arefev@swemel.ru> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Date: Mon, 21 Nov 2022 13:29:03 +0300 Subject: [PATCH] scsi:bfa: Eliminated buffer overflow Buffer 'cmd->adapter_hwpath' of size 32 accessed at bfad_bsg.c:101:103 can overflow, since its index 'i' can have value 32 that is out of range. Signed-off-by: Denis Arefev --- drivers/scsi/bfa/bfad_bsg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c index be8dfbe13e90..78615ffc62ef 100644 --- a/drivers/scsi/bfa/bfad_bsg.c +++ b/drivers/scsi/bfa/bfad_bsg.c @@ -98,9 +98,9 @@ bfad_iocmd_ioc_get_info(struct bfad_s *bfad, void *cmd) /* set adapter hw path */ strcpy(iocmd->adapter_hwpath, bfad->pci_name); - for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32; i++) + for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32-2; i++) ; - for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32; ) + for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32-1; ) ; iocmd->adapter_hwpath[i] = '\0'; iocmd->status = BFA_STATUS_OK;