From: Valentina Goncharenko
To: Anil Gurumurthy
Cc: Valentina Goncharenko, Sudarsana Kalluru, "James E.J. Bottomley", "Martin K. Petersen", Krishna Gudipati, James Bottomley, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org
Subject: [PATCH] scsi: bfa: Harden loop checks in bfad_iocmd_ioc_get_info()
Date: Tue, 12 Jul 2022 14:39:13 +0300
Message-Id: <20220712113913.350385-1-goncharenko.vp@ispras.ru>

Loop conditions 'i < BFA_STRING_32' in bfad_iocmd_ioc_get_info() do not prevent buffer overflow while writing data to 'iocmd->adapter_hwpath[i]' after the loop because on incorrect data 'i' can be incremented anyway.

The patch hardens the loop conditions to avoid buffer overflow in case of invalid data, while it does not affect the processing of valid 'adapter_hwpath'.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: e6826c96ced7 ("[SCSI] bfa: Add support to read/update the FRU data.")
Signed-off-by: Valentina Goncharenko
---
 drivers/scsi/bfa/bfad_bsg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c
index be8dfbe13e90..73ef29c83262 100644
--- a/drivers/scsi/bfa/bfad_bsg.c
+++ b/drivers/scsi/bfa/bfad_bsg.c
@@ -98,9 +98,9 @@ bfad_iocmd_ioc_get_info(struct bfad_s *bfad, void *cmd) =20 /* set adapter hw path */ strcpy(iocmd->adapter_hwpath, bfad->pci_name); - for (i =3D 0; iocmd->adapter_hwpath[i] !=3D ':' && i < BFA_STRING_32; i++) + for (i =3D 0; iocmd->adapter_hwpath[i] !=3D ':' && i < BFA_STRING_32 - 2;= i++) ; - for (; iocmd->adapter_hwpath[++i] !=3D ':' && i < BFA_STRING_32; ) + for (; iocmd->adapter_hwpath[++i] !=3D ':' && i < BFA_STRING_32 - 1; ) ; iocmd->adapter_hwpath[i] =3D '\0'; iocmd->status =3D BFA_STATUS_OK; --=20 2.25.1
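
Review bot: in both new loop conditions the element read ('iocmd->adapter_hwpath[i]' and 'iocmd->adapter_hwpath[++i]') still comes before the bound on 'i', and neither loop stops at the string's NUL terminator, so a 'pci_name' with fewer than two ':' characters is scanned past its end up to the bound and the terminator is written there. Testing the bound first and also stopping on '\0' would make the loops end on the data that was actually copied; two strchr() calls would express the "cut at the second colon" intent more directly. The '- 2' and '- 1' limits hold only because the second loop pre-increments before indexing, and they assume 'adapter_hwpath' is BFA_STRING_32 bytes (its declaration is not visible in this hunk), so a short comment stating both would help the next reader. The unbounded 'strcpy(iocmd->adapter_hwpath, bfad->pci_name)' in the context line above the loops is unchanged; if the source can be longer than the destination, the overflow happens before either loop runs, and a bounded copy such as strscpy() with sizeof(iocmd->adapter_hwpath) would cover that case.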