Author: asomers Date: Wed Nov 22 19:57:34 2017 New Revision: 326100 URL: https://svnweb.freebsd.org/changeset/base/326100
Log: Always null-terminate CAM periph_name and dev_name Reported by: Coverity CID: 1010039, 1010040, 1010041, 1010043 Reviewed by: ken, imp MFC after: 3 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D13194 Modified: head/sys/cam/cam_xpt.c Modified: head/sys/cam/cam_xpt.c ============================================================================== --- head/sys/cam/cam_xpt.c Wed Nov 22 18:06:41 2017 (r326099) +++ head/sys/cam/cam_xpt.c Wed Nov 22 19:57:34 2017 (r326100) @@ -686,8 +686,9 @@ xptdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, /* * Fill in the getdevlist fields. */ - strcpy(ccb->cgdl.periph_name, - periph->periph_name); + strlcpy(ccb->cgdl.periph_name, + periph->periph_name, + sizeof(ccb->cgdl.periph_name)); ccb->cgdl.unit_number = periph->unit_number; if (SLIST_NEXT(periph, periph_links)) @@ -1756,8 +1757,9 @@ xptedtbusfunc(struct cam_eb *bus, void *arg) cdm->matches[j].result.bus_result.bus_id = bus->sim->bus_id; cdm->matches[j].result.bus_result.unit_number = bus->sim->unit_number; - strncpy(cdm->matches[j].result.bus_result.dev_name, - bus->sim->sim_name, DEV_IDLEN); + strlcpy(cdm->matches[j].result.bus_result.dev_name, + bus->sim->sim_name, + sizeof(cdm->matches[j].result.bus_result.dev_name)); } /* @@ -1976,6 +1978,7 @@ xptedtperiphfunc(struct cam_periph *periph, void *arg) */ if (retval & DM_RET_COPY) { int spaceleft, j; + size_t l; spaceleft = cdm->match_buf_len - (cdm->num_matches * sizeof(struct dev_match_result)); @@ -2019,8 +2022,9 @@ xptedtperiphfunc(struct cam_periph *periph, void *arg) periph->path->device->lun_id; cdm->matches[j].result.periph_result.unit_number = periph->unit_number; - strncpy(cdm->matches[j].result.periph_result.periph_name, - periph->periph_name, DEV_IDLEN); + l = sizeof(cdm->matches[j].result.periph_result.periph_name); + strlcpy(cdm->matches[j].result.periph_result.periph_name, + periph->periph_name, l); } return(1); @@ -2115,6 +2119,7 @@ xptplistperiphfunc(struct cam_periph *periph, void *ar */ if (retval & DM_RET_COPY) { int spaceleft, j; + size_t l; spaceleft = cdm->match_buf_len - (cdm->num_matches * sizeof(struct dev_match_result)); @@ -2191,8 +2196,9 @@ xptplistperiphfunc(struct cam_periph *periph, void *ar cdm->matches[j].result.periph_result.unit_number = periph->unit_number; - strncpy(cdm->matches[j].result.periph_result.periph_name, - periph->periph_name, DEV_IDLEN); + l = sizeof(cdm->matches[j].result.periph_result.periph_name); + strlcpy(cdm->matches[j].result.periph_result.periph_name, + periph->periph_name, l); } return(1); @@ -2905,9 +2911,9 @@ call_sim: (nperiph != NULL) && (i <= cgdl->index); nperiph = SLIST_NEXT(nperiph, periph_links), i++) { if (i == cgdl->index) { - strncpy(cgdl->periph_name, + strlcpy(cgdl->periph_name, nperiph->periph_name, - DEV_IDLEN); + sizeof(cgdl->periph_name)); cgdl->unit_number = nperiph->unit_number; found = 1; } _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
