From patchwork Thu Apr 20 23:46:57 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kinga Tanska <kinga.tanska@intel.com>
X-Patchwork-Id: 13219557
Return-Path: <linux-raid-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2AA23C7618E
	for <linux-raid@archiver.kernel.org>; Fri, 21 Apr 2023 06:47:48 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230170AbjDUGrr (ORCPT <rfc822;linux-raid@archiver.kernel.org>);
        Fri, 21 Apr 2023 02:47:47 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42650 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230163AbjDUGrq (ORCPT
        <rfc822;linux-raid@vger.kernel.org>); Fri, 21 Apr 2023 02:47:46 -0400
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A71CE74
        for <linux-raid@vger.kernel.org>;
 Thu, 20 Apr 2023 23:47:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1682059665; x=1713595665;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=Tx480VoExG6mKmfqKebARglRWDy1mvq9ezNuLqm4vRM=;
  b=Qm9yyk4V9pywxPhZDT1BNfuGX45h9ArMRVFXSAJHaXRsfFRhLn+Jpp37
   YTBLvL1UyIfCvAb+6fxxFQmI65/6zQvIe3onhodR0qlZ/asXIoqf4RW7V
   9xMQjbBrRvgbhNLJ8mTX+/WFvUBz4M6DQOg5sfF4zMCABoyJozsyJBiDQ
   RxIJD+mfMWSUnSDBXC1e9MFUV1LAT2vLmWDB2zGCEPz2j62EhZykZZIvX
   Qm2tdtqzPc0U8KFzNTkBDxKVqyJ1mo3eElRsjAIavnbwyJ7nKoI9NF0gq
   Kdgje1GPGVt4Z3Is+J0Oj4pjy23iMoXXIIqGIl/iCPaIKSiy1SQdIJzTm
   A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="330128190"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200";
   d="scan'208";a="330128190"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 20 Apr 2023 23:47:45 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="685641219"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200";
   d="scan'208";a="685641219"
Received: from unknown (HELO localhost.igk.intel.com) ([10.102.92.203])
  by orsmga007.jf.intel.com with ESMTP; 20 Apr 2023 23:47:43 -0700
From: Kinga Tanska <kinga.tanska@intel.com>
To: linux-raid@vger.kernel.org
Cc: jes@trained-monkey.org, colyli@suse.de
Subject: [PATCH 1/2] Fix unsafe string functions
Date: Fri, 21 Apr 2023 01:46:57 +0200
Message-Id: <20230420234658.367-2-kinga.tanska@intel.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20230420234658.367-1-kinga.tanska@intel.com>
References: <20230420234658.367-1-kinga.tanska@intel.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-raid.vger.kernel.org>
X-Mailing-List: linux-raid@vger.kernel.org

Add string length limitations where necessary to
avoid buffer overflows.

Signed-off-by: Kinga Tanska <kinga.tanska@intel.com>
---
 mdmon.c          | 6 +++---
 mdopen.c         | 4 ++--
 platform-intel.c | 2 +-
 super-intel.c    | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/mdmon.c b/mdmon.c
index cef5bbc8..a2038fe6 100644
--- a/mdmon.c
+++ b/mdmon.c
@@ -240,7 +240,7 @@ static int make_control_sock(char *devname)
 		return -1;
 
 	addr.sun_family = PF_LOCAL;
-	strcpy(addr.sun_path, path);
+	snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", path);
 	umask(077); /* ensure no world write access */
 	if (bind(sfd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
 		close(sfd);
@@ -389,7 +389,7 @@ int main(int argc, char *argv[])
 
 	if (all) {
 		struct mdstat_ent *mdstat, *e;
-		int container_len = strlen(container_name);
+		int container_len = strnlen(container_name, MD_NAME_MAX);
 
 		/* launch an mdmon instance for each container found */
 		mdstat = mdstat_read(0, 0);
@@ -472,7 +472,7 @@ static int mdmon(char *devnm, int must_fork, int takeover)
 		pfd[0] = pfd[1] = -1;
 
 	container = xcalloc(1, sizeof(*container));
-	strcpy(container->devnm, devnm);
+	snprintf(container->devnm, MD_NAME_MAX, "%s", devnm);
 	container->arrays = NULL;
 	container->sock = -1;
 
diff --git a/mdopen.c b/mdopen.c
index 810f79a3..d76169d9 100644
--- a/mdopen.c
+++ b/mdopen.c
@@ -193,14 +193,14 @@ int create_mddev(char *dev, char *name, int autof, int trustworthy,
 
 	if (dev) {
 		if (strncmp(dev, "/dev/md/", 8) == 0) {
-			strcpy(cname, dev+8);
+			snprintf(cname, MD_NAME_MAX, "%s", dev + 8);
 		} else if (strncmp(dev, "/dev/", 5) == 0) {
 			char *e = dev + strlen(dev);
 			while (e > dev && isdigit(e[-1]))
 				e--;
 			if (e[0])
 				num = strtoul(e, NULL, 10);
-			strcpy(cname, dev+5);
+			snprintf(cname, MD_NAME_MAX, "%s", dev + 5);
 			cname[e-(dev+5)] = 0;
 			/* name *must* be mdXX or md_dXX in this context */
 			if (num < 0 ||
diff --git a/platform-intel.c b/platform-intel.c
index 757f0b1b..22ebb2b1 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -201,7 +201,7 @@ struct sys_dev *device_by_id_and_path(__u16 device_id, const char *path)
 
 static int devpath_to_ll(const char *dev_path, const char *entry, unsigned long long *val)
 {
-	char path[strlen(dev_path) + strlen(entry) + 2];
+	char path[strnlen(dev_path, PATH_MAX) + strnlen(entry, PATH_MAX) + 2];
 	int fd;
 	int n;
 
diff --git a/super-intel.c b/super-intel.c
index a5c86cb2..0806bf03 100644
--- a/super-intel.c
+++ b/super-intel.c
@@ -6990,7 +6990,7 @@ active_arrays_by_format(char *name, char* hba, struct md_list **devlist,
 			int fd = -1;
 			while (dev && !is_fd_valid(fd)) {
 				char *path = xmalloc(strlen(dev->name) + strlen("/dev/") + 1);
-				num = sprintf(path, "%s%s", "/dev/", dev->name);
+				num = snprintf(path, PATH_MAX, "%s%s", "/dev/", dev->name);
 				if (num > 0)
 					fd = open(path, O_RDONLY, 0);
 				if (num <= 0 || !is_fd_valid(fd)) {
@@ -7889,7 +7889,7 @@ static int kill_subarray_imsm(struct supertype *st, char *subarray_id)
 
 		if (i < current_vol)
 			continue;
-		sprintf(subarray, "%u", i);
+		snprintf(subarray, sizeof(subarray), "%u", i);
 		if (is_subarray_active(subarray, st->devnm)) {
 			pr_err("deleting subarray-%d would change the UUID of active subarray-%d, aborting\n",
 			       current_vol, i);
@@ -11262,7 +11262,7 @@ static const char *imsm_get_disk_controller_domain(const char *path)
 	char *drv=NULL;
 	struct stat st;
 
-	strcpy(disk_path, disk_by_path);
+	strncpy(disk_path, disk_by_path, PATH_MAX);
 	strncat(disk_path, path, PATH_MAX - strlen(disk_path) - 1);
 	if (stat(disk_path, &st) == 0) {
 		struct sys_dev* hba;

From patchwork Thu Apr 20 23:46:58 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kinga Tanska <kinga.tanska@intel.com>
X-Patchwork-Id: 13219558
Return-Path: <linux-raid-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E814DC77B78
	for <linux-raid@archiver.kernel.org>; Fri, 21 Apr 2023 06:47:49 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230187AbjDUGrs (ORCPT <rfc822;linux-raid@archiver.kernel.org>);
        Fri, 21 Apr 2023 02:47:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42662 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230163AbjDUGrs (ORCPT
        <rfc822;linux-raid@vger.kernel.org>); Fri, 21 Apr 2023 02:47:48 -0400
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24261100
        for <linux-raid@vger.kernel.org>;
 Thu, 20 Apr 2023 23:47:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1682059667; x=1713595667;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=OWTa7wcdGwyqVqKdOPlIdsoLB8T7e0LaooX/ELGsNP0=;
  b=BvKoeN5Fy4p4yUdRMPp35bLBGETGMp3eZ5h/HhQ02rvtAsAF4LLWJomP
   Tr0ipzWNMKfKPLYBYk/eZYJhifHdZhBvAB72wGs3jqD0hFFTA2+Kf216K
   QrYrE1sltrGjbJOZfQecC2EHq6qdi6xGpFlFQqiA9xfVRpQNipteK7WQw
   ULPNjyVfdE47DSrO4EXC1rvOS70L8tLI4qHFPlIov5FWWTCHrh/tp+eyy
   Zv0/3g2eeurTPfUfhV81LqlFlOEDl9LnKguJCHxYp7V2KzKjtoan0Djai
   OJKVz4dLaDfTcRfEfNl4W6dXQNbyMfqBkdr04RBmyuzAAd/i2o/c5AHyj
   w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="330128197"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200";
   d="scan'208";a="330128197"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 20 Apr 2023 23:47:46 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="685641226"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200";
   d="scan'208";a="685641226"
Received: from unknown (HELO localhost.igk.intel.com) ([10.102.92.203])
  by orsmga007.jf.intel.com with ESMTP; 20 Apr 2023 23:47:45 -0700
From: Kinga Tanska <kinga.tanska@intel.com>
To: linux-raid@vger.kernel.org
Cc: jes@trained-monkey.org, colyli@suse.de
Subject: [PATCH 2/2] platform-intel: limit guid length
Date: Fri, 21 Apr 2023 01:46:58 +0200
Message-Id: <20230420234658.367-3-kinga.tanska@intel.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20230420234658.367-1-kinga.tanska@intel.com>
References: <20230420234658.367-1-kinga.tanska@intel.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-raid.vger.kernel.org>
X-Mailing-List: linux-raid@vger.kernel.org

Moving GUID_STR_MAX to header to use it as
a length limitation for snprintf function.

Signed-off-by: Kinga Tanska <kinga.tanska@intel.com>
---
 platform-intel.c | 3 ---
 platform-intel.h | 5 ++++-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/platform-intel.c b/platform-intel.c
index 22ebb2b1..e63a112a 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -496,9 +496,6 @@ static const struct imsm_orom *find_imsm_hba_orom(struct sys_dev *hba)
 	return get_orom_by_device_id(hba->dev_id);
 }
 
-#define GUID_STR_MAX	37  /* according to GUID format:
-			     * xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */
-
 #define EFI_GUID(a, b, c, d0, d1, d2, d3, d4, d5, d6, d7) \
 ((struct efi_guid) \
 {{ (a) & 0xff, ((a) >> 8) & 0xff, ((a) >> 16) & 0xff, ((a) >> 24) & 0xff, \
diff --git a/platform-intel.h b/platform-intel.h
index 6238d23f..3d15411b 100644
--- a/platform-intel.h
+++ b/platform-intel.h
@@ -19,6 +19,9 @@
 #include <asm/types.h>
 #include <strings.h>
 
+/* according to GUID format: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */
+#define GUID_STR_MAX	37
+
 /* The IMSM Capability (IMSM AHCI and ISCU OROM/EFI variable) Version Table definition */
 struct imsm_orom {
 	__u8 signature[4];
@@ -228,7 +231,7 @@ extern struct orom_entry *orom_entries;
 
 static inline char *guid_str(char *buf, struct efi_guid guid)
 {
-	sprintf(buf, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+	snprintf(buf, GUID_STR_MAX, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
 		 guid.b[3], guid.b[2], guid.b[1], guid.b[0],
 		 guid.b[5], guid.b[4], guid.b[7], guid.b[6],
 		 guid.b[8], guid.b[9], guid.b[10], guid.b[11],