From: Andrey Vatoropin <a.vatoropin@crpt.ru>
Some functions accept a string input parameter, which is then passed to
strscpy(). If strscpy() returns zero the (len > 0) branch is not taken and
`stripped` remains NULL. The subsequent check (len < 0 || len >
INQUIRY_VENDOR_LEN) does not catch this case, allowing a NULL `stripped`
pointer to be passed to target_check_inquiry_data().
Therefore, the existing checks are insufficient to prevent the use of a
NULL pointer when an empty string is passed.
Add exclusion of zero-length strings to avoid dereferencing a NULL
`stripped` pointer.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 54a6f3f6a43c ("scsi: target: add device vendor_id configfs attribute")
Signed-off-by: Andrey Vatoropin <a.vatoropin@crpt.ru>
---
drivers/target/target_core_configfs.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index a1c91d4515bc..3aaa2b931009 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -1455,6 +1455,10 @@ static ssize_t target_wwn_vendor_id_store(struct config_item *item,
"\n");
return -EOVERFLOW;
}
+ if (len == 0) {
+ pr_err("Emulated T10 Vendor Identification equals zero.\n");
+ return -EINVAL;
+ }
ret = target_check_inquiry_data(stripped);
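Review bot: the added `if (len == 0)` guard in front of target_check_inquiry_data(stripped) tests the length, while the failure the commit message describes is `stripped` still being NULL; testing the pointer itself (`if (!stripped)`) would tie the check to the value that is actually dereferenced and keep it correct if the length handling above it changes. The log text "equals zero" also does not say what is zero; wording such as "Emulated T10 Vendor Identification is empty" would tell the administrator what was rejected.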
@@ -1511,6 +1515,10 @@ static ssize_t target_wwn_product_id_store(struct config_item *item,
"\n");
return -EOVERFLOW;
}
+ if (len == 0) {
+ pr_err("Emulated T10 Vendor equals zero.\n");
+ return -EINVAL;
+ }
ret = target_check_inquiry_data(stripped);
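Review bot: the pr_err() string in this target_wwn_product_id_store() hunk reads "Emulated T10 Vendor equals zero.", which names the vendor field inside the product ID handler and looks like a copy-paste from the previous hunk. It should name the product identification so the kernel log points at the attribute that was actually written.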
@@ -1567,6 +1575,10 @@ static ssize_t target_wwn_revision_store(struct config_item *item,
"\n");
return -EOVERFLOW;
}
+ if (len == 0) {
+ pr_err("Emulated T10 Revision equals zero.\n");
+ return -EINVAL;
+ }
ret = target_check_inquiry_data(stripped);
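Review bot: this is the third copy of the same four-line `if (len == 0)` block, each sitting directly before target_check_inquiry_data(stripped). A single NULL or empty-string check at the top of target_check_inquiry_data(), or one small shared helper, would cover all three store handlers and any future caller, and would keep the messages from drifting apart as the product_id one already has.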
--
2.43.0
On Wed, 2026-04-08 at 10:14 +0000, Ваторопин Андрей wrote:
> From: Andrey Vatoropin <a.vatoropin@crpt.ru>

Just so you know what's going on, the company you work for (CRPT) is listed as majority owned by USM Holdings LLC:

https://tadviser.com/index.php/Company:USM_Holdings

Who are on quite a big sanctions list including the US SDN list:

https://sanctionssearch.ofac.treas.gov/Details.aspx?id=41919

Which means we have to follow the LF guidelines to the letter for your contributions:

https://www.linuxfoundation.org/blog/navigating-global-regulations-and-open-source-us-ofac-sanctions

That doesn't mean we can't accept it, just that we have to be careful about how we do. If the ownership analysis isn't correct, by the way, please reply and say so and I'll re-evaluate.

Regards,
James