From patchwork Wed Nov 1 21:26:49 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willy Tarreau X-Patchwork-Id: 117739 Delivered-To: patch@linaro.org Received: by 10.80.245.45 with SMTP id t42csp1266661edm; Wed, 1 Nov 2017 14:50:03 -0700 (PDT) X-Google-Smtp-Source: ABhQp+Ru/73l/qv3amNTyfk/hOfWKGZD9Gef4s3oly5DoLKtINfBBRPFfXqnHwY9xRM94SKEE7S2 X-Received: by 10.99.56.19 with SMTP id f19mr1244575pga.328.1509573003195; Wed, 01 Nov 2017 14:50:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509573003; cv=none; d=google.com; s=arc-20160816; b=Hw+5hY86L/swDOZe7U02Z+ZUCjCYkRy+rBj+8JHzTqsNvcwKPwXdQeVOBu0BvAcGLx iT474vhcCV15KSAEFHFGBSNGf56ktCVi5vhWIXrnSVSgZODaxYpqLAjCjaJtty6F27kY cpZhXM5oqVwHXUrZLiiu9hBgzEo8/ZzE3EfoJtFVPwOB+lOLBpurrkdkLZxCIpxmyPC+ gtywzYFVYuHdxVQ+16RCvXWKTcNOvhKP+Pm7CBtCu/gXA9XWqTd94tpzjx8sC0fIcjM7 J+Xt5pdgtSFpZujXrmr1A5p0gHR+mir51a+IunWyz5xed4UN1SCs1rEuLAHwsk0OjUzn bjWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=MX2o6/zaGXJEST2vE5B9dKALTDkJ9l04PBf3dyedczo=; b=GArB9kHZn4v7uJbTHpZlseYOCrv2G1ObZoHa6+zxn6IYOt2qQuldiM+AzkFaO14keI 1eYGwn2Re9J4KonAtlXC+xQ7JlQ4FWqWJ4O4CFB0CAzZ0DjjKn5h2mnLHdOoW1imXnih 5Eh457yXS195Ck2wg6dHuUCX3HM/SM4IxIGP0Fa/cM1tG7fB6WpxLWeNzz9B2vNBA5S/ Qy/xMiuarxkRPyPR0680kaTCfG9zJgemvaiaZmtTLoCBgZ+URQW5fjl9Zfh5CZDDjt4u z7nj/UgPp0qG4xluRBH8/axeeB2EG97AMVKUlWESO4ZcTto+MECQKa8d3nRxSqD+OV1j qZNg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m193si1858013pfc.125.2017.11.01.14.50.02; Wed, 01 Nov 2017 14:50:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933714AbdKAVuB (ORCPT + 9 others); Wed, 1 Nov 2017 17:50:01 -0400 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:35327 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934108AbdKAV2F (ORCPT ); Wed, 1 Nov 2017 17:28:05 -0400 Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id vA1LRAkc005106; Wed, 1 Nov 2017 22:27:10 +0100 From: Willy Tarreau To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux@roeck-us.net Cc: Arnd Bergmann , "David S . Miller" , Willy Tarreau Subject: [PATCH 3.10 124/139] qlge: avoid memcpy buffer overflow Date: Wed, 1 Nov 2017 22:26:49 +0100 Message-Id: <1509571624-5001-25-git-send-email-w@1wt.eu> X-Mailer: git-send-email 2.8.0.rc2.1.gbe9624a In-Reply-To: <1509571624-5001-1-git-send-email-w@1wt.eu> References: <1509571159-4405-1-git-send-email-w@1wt.eu> <1509571624-5001-1-git-send-email-w@1wt.eu> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Arnd Bergmann commit e58f95831e7468d25eb6e41f234842ecfe6f014f upstream. gcc-8.0.0 (snapshot) points out that we copy a variable-length string into a fixed length field using memcpy() with the destination length, and that ends up copying whatever follows the string: inlined from 'ql_core_dump' at drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:1106:2: drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:708:2: error: 'memcpy' reading 15 bytes from a region of size 14 [-Werror=stringop-overflow=] memcpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); Changing it to use strncpy() will instead zero-pad the destination, which seems to be the right thing to do here. The bug is probably harmless, but it seems like a good idea to address it in stable kernels as well, if only for the purpose of building with gcc-8 without warnings. Fixes: a61f80261306 ("qlge: Add ethtool register dump function.") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller Signed-off-by: Willy Tarreau --- drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.8.0.rc2.1.gbe9624a diff --git a/drivers/net/ethernet/qlogic/qlge/qlge_dbg.c b/drivers/net/ethernet/qlogic/qlge/qlge_dbg.c index 10093f0..00a8058 100644 --- a/drivers/net/ethernet/qlogic/qlge/qlge_dbg.c +++ b/drivers/net/ethernet/qlogic/qlge/qlge_dbg.c @@ -724,7 +724,7 @@ static void ql_build_coredump_seg_header( seg_hdr->cookie = MPI_COREDUMP_COOKIE; seg_hdr->segNum = seg_number; seg_hdr->segSize = seg_size; - memcpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); + strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); } /*