scsi: libfc: replace deprecated strncpy() with memcpy()

JustinStitt · martinkpetersen · commit 3e24118ec185 · 2024-02-26T21:21:23.000-05:00
strncpy() is deprecated [1] and as such we should use different apis to copy string data. We can see that ct is NUL-initialized with fc_ct_hdr_fill: | ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn) + len, ... In fc_ct_hdr_fill(): | memset(ct, 0, ct_plen); We also calculate the length of the source string: | len = strnlen(fc_host_symbolic_name(lport->host), 255); ...then this argument is used in strncpy(), which is bad because the pattern of (dest, src, strlen(src)) usually leaves the destination buffer without NUL-termination. However, it looks as though we do not require NUL-termination since fr_name is part of a seq_buf-like structure wherein its length is monitored: | struct fc_ns_rspn { | struct fc_ns_fid fr_fid; /* port ID object */ | __u8 fr_name_len; | char fr_name[]; | } __attribute__((__packed__)); So, this is really just a byte copy into a length-bounded buffer. Let's use memcpy(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: KSPP#90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> Link: https://lore.kernel.org/r/20240221-strncpy-drivers-scsi-libfc-fc_encode-h-v2-1-019a0889c5ca@google.com Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
diff --git a/drivers/scsi/libfc/fc_encode.h b/drivers/scsi/libfc/fc_encode.h
@@ -136,22 +136,24 @@ static inline int fc_ct_ns_fill(struct fc_lport *lport,
 		break;
 
 	case FC_NS_RSPN_ID:
-		len = strnlen(fc_host_symbolic_name(lport->host), 255);
+		len = strnlen(fc_host_symbolic_name(lport->host),
+			      FC_SYMBOLIC_NAME_SIZE);
 		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn) + len,
 				    FC_FST_DIR, FC_NS_SUBTYPE);
 		hton24(ct->payload.spn.fr_fid.fp_fid, lport->port_id);
-		strncpy(ct->payload.spn.fr_name,
-			fc_host_symbolic_name(lport->host), len);
+		memcpy(ct->payload.spn.fr_name,
+		       fc_host_symbolic_name(lport->host), len);
 		ct->payload.spn.fr_name_len = len;
 		break;
 
 	case FC_NS_RSNN_NN:
-		len = strnlen(fc_host_symbolic_name(lport->host), 255);
+		len = strnlen(fc_host_symbolic_name(lport->host),
+			      FC_SYMBOLIC_NAME_SIZE);
 		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn) + len,
 				    FC_FST_DIR, FC_NS_SUBTYPE);
 		put_unaligned_be64(lport->wwnn, &ct->payload.snn.fr_wwn);
-		strncpy(ct->payload.snn.fr_name,
-			fc_host_symbolic_name(lport->host), len);
+		memcpy(ct->payload.snn.fr_name,
+		       fc_host_symbolic_name(lport->host), len);
 		ct->payload.snn.fr_name_len = len;
 		break;
 
