Commit 1882ab86 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Jason Gunthorpe

RDMA/iwcm: Fix string truncation error

The strlen() check at the beginning of iw_cm_map() ensures that devname
and ifname strings are less than destinations to which they are supposed
to be copied. Change strncpy() call to be strcpy(), because we are
protected from overflow. Zero the entire string buffer to avoid copying
uninitialized kernel stack memory to userspace.

This fixes the compilation warning below:

In file included from ./include/linux/dma-mapping.h:6,
                 from drivers/infiniband/core/iwcm.c:38:
In function _strncpy_,
    inlined from _iw_cm_map_ at drivers/infiniband/core/iwcm.c:519:2:
./include/linux/string.h:253:9: warning: ___builtin_strncpy_ specified
bound 32 equals destination size [-Wstringop-truncation]
  return __builtin_strncpy(p, q, size);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixes: d53ec8af ("RDMA/iwcm: Don't copy past the end of dev_name() string")
Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
parent e278173f
...@@ -505,7 +505,7 @@ static int iw_cm_map(struct iw_cm_id *cm_id, bool active) ...@@ -505,7 +505,7 @@ static int iw_cm_map(struct iw_cm_id *cm_id, bool active)
{ {
const char *devname = dev_name(&cm_id->device->dev); const char *devname = dev_name(&cm_id->device->dev);
const char *ifname = cm_id->device->iwcm->ifname; const char *ifname = cm_id->device->iwcm->ifname;
struct iwpm_dev_data pm_reg_msg; struct iwpm_dev_data pm_reg_msg = {};
struct iwpm_sa_data pm_msg; struct iwpm_sa_data pm_msg;
int status; int status;
...@@ -516,8 +516,8 @@ static int iw_cm_map(struct iw_cm_id *cm_id, bool active) ...@@ -516,8 +516,8 @@ static int iw_cm_map(struct iw_cm_id *cm_id, bool active)
cm_id->m_local_addr = cm_id->local_addr; cm_id->m_local_addr = cm_id->local_addr;
cm_id->m_remote_addr = cm_id->remote_addr; cm_id->m_remote_addr = cm_id->remote_addr;
strncpy(pm_reg_msg.dev_name, devname, sizeof(pm_reg_msg.dev_name)); strcpy(pm_reg_msg.dev_name, devname);
strncpy(pm_reg_msg.if_name, ifname, sizeof(pm_reg_msg.if_name)); strcpy(pm_reg_msg.if_name, ifname);
if (iwpm_register_pid(&pm_reg_msg, RDMA_NL_IWCM) || if (iwpm_register_pid(&pm_reg_msg, RDMA_NL_IWCM) ||
!iwpm_valid_pid()) !iwpm_valid_pid())
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment