Module Name: src Committed By: mlelstv Date: Sun Aug 28 10:26:37 UTC 2022
Modified Files: src/sys/dev/scsipi: sd.c sdvar.h Log Message: Don't fetch data beyond end of inquiry buffer, which, here, is not NUL-terminated. Reduce target buffer to needed size (product name + NUL terminator). To generate a diff of this commit: cvs rdiff -u -r1.334 -r1.335 src/sys/dev/scsipi/sd.c cvs rdiff -u -r1.39 -r1.40 src/sys/dev/scsipi/sdvar.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/scsipi/sd.c
diff -u src/sys/dev/scsipi/sd.c:1.334 src/sys/dev/scsipi/sd.c:1.335
--- src/sys/dev/scsipi/sd.c:1.334 Mon Mar 28 12:39:46 2022
+++ src/sys/dev/scsipi/sd.c Sun Aug 28 10:26:37 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: sd.c,v 1.334 2022/03/28 12:39:46 riastradh Exp $ */
+/* $NetBSD: sd.c,v 1.335 2022/08/28 10:26:37 mlelstv Exp $ */
 /*-
 * Copyright (c) 1998, 2003, 2004 The NetBSD Foundation, Inc.
@@ -47,7 +47,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sd.c,v 1.334 2022/03/28 12:39:46 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sd.c,v 1.335 2022/08/28 10:26:37 mlelstv Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_scsi.h"
@@ -258,9 +258,8 @@ sdattach(device_t parent, device_t self,
 SC_DEBUG(periph, SCSIPI_DB2, ("sdattach: "));
 sd->type = (sa->sa_inqbuf.type & SID_TYPE);
- strncpy(sd->name, sa->sa_inqbuf.product, sizeof(sd->name));
-
- strncpy(sd->typename, sa->sa_inqbuf.product, sizeof(sd->typename));
+ memcpy(sd->name, sa->sa_inqbuf.product, uimin(16, sizeof(sd->name)));
+ memcpy(sd->typename, sa->sa_inqbuf.product, uimin(16, sizeof(sd->typename)));
 if (sd->type == T_SIMPLE_DIRECT)
 periph->periph_quirks |= PQUIRK_ONLYBIG | PQUIRK_NOBIGMODESENSE;
Index: src/sys/dev/scsipi/sdvar.h
diff -u src/sys/dev/scsipi/sdvar.h:1.39 src/sys/dev/scsipi/sdvar.h:1.40
--- src/sys/dev/scsipi/sdvar.h:1.39 Tue Mar 19 06:59:40 2019
+++ src/sys/dev/scsipi/sdvar.h Sun Aug 28 10:26:37 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: sdvar.h,v 1.39 2019/03/19 06:59:40 mlelstv Exp $ */
+/* $NetBSD: sdvar.h,v 1.40 2022/08/28 10:26:37 mlelstv Exp $ */
 /*-
 * Copyright (c) 1998, 2004 The NetBSD Foundation, Inc.
@@ -88,7 +88,7 @@ struct sd_softc {
 callout_t sc_callout;
 u_int8_t type;
 char name[16]; /* product name, for default disklabel */
- char typename[128+4+1]; /* stored in disk info */
+ char typename[16+1]; /* stored in disk info */
 };
 #define SDGP_RESULT_OK 0 /* parameters obtained */
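Review bot: In the `@@ -258,9 +258,8 @@` hunk of sd.c, the second `memcpy` fills the first 16 bytes of `sd->typename` but nothing in the hunk writes the terminator, so the string is NUL-terminated only if the softc was zeroed before `sdattach` ran, which is not visible here. Since the log message says the source is not NUL-terminated, terminate explicitly after the copy: `sd->typename[uimin(16, sizeof(sd->typename) - 1)] = '\0';`. `sd->name` is `char name[16]` in sdvar.h and is filled completely with no terminator, so a comment such as `/* sd->name is fixed-width, not NUL-terminated */` would warn readers off `strlen` or `%s` on it. The literal `16` appears twice here and twice more in sdvar.h; a named constant for the inquiry product-field length would keep the read bound and the buffer sizes in sync. The body of `sdattach` begins and continues outside the hunk.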
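Review bot: Shrinking `typename` from `128+4+1` to `16+1` bytes in the `@@ -88,7 +88,7 @@` hunk of sdvar.h is safe only if every writer of the field stays within 17 bytes; this page shows just the one `memcpy` in `sdattach`, so any other code that formats into `sd->typename` under the old size should be checked. The field comments also do not say that `name` holds the raw 16-byte product field with no terminator while `typename` holds the same bytes plus a NUL. I would record that in the declarations, e.g. `char name[16]; /* product name, not NUL-terminated */` and `char typename[16+1]; /* product name + NUL, stored in disk info */`. The struct starts outside the hunk.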