On Wed, 2018-06-27 at 05:14 -0700, Nilesh Javali wrote: > Use sprintf instead of snprintf to fix truncation of target name. > This fix is extension of patch > "scsi: qedi: Fix truncation of CHAP name and secret". > > Signed-off-by: Nilesh Javali <[email protected]> > --- > drivers/scsi/qedi/qedi_main.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c > index cf274a7..85491da 100644 > --- a/drivers/scsi/qedi/qedi_main.c > +++ b/drivers/scsi/qedi/qedi_main.c > @@ -888,8 +888,8 @@ static void qedi_get_boot_tgt_info(struct nvm_iscsi_block > *block, > ipv6_en = !!(block->generic.ctrl_flags & > NVM_ISCSI_CFG_GEN_IPV6_ENABLED); > > - snprintf(tgt->iscsi_name, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n", > - block->target[index].target_name.byte); > + sprintf(tgt->iscsi_name, "%.*s\n", NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, > + block->target[index].target_name.byte); > > tgt->ipv6_en = ipv6_en;
Also this patch changes code that is fine into code that can trigger a buffer overflow. Additionally, for humans it is much harder than necessary to verify the above code. Please consider to use sizeof(tgt->iscsi_name) - 2 instead of NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN. Thanks, Bart.
