From ef91841763612a15b75f74a44f1f91e909d8bbe8 Mon Sep 17 00:00:00 2001 From: Ziye Yang Date: Fri, 24 Mar 2017 10:41:27 +0800 Subject: [PATCH] (i)scsi: check strlen before copy Make sure that we have space for termination char '\0' Change-Id: Iaebdad3b4278ee322bd78247acc7f0997c3f4b44 Signed-off-by: Ziye Yang --- lib/iscsi/iscsi.c | 13 ++++++++++--- lib/scsi/port.c | 4 ++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/iscsi/iscsi.c b/lib/iscsi/iscsi.c index 3a7d58a92..6bb256205 100644 --- a/lib/iscsi/iscsi.c +++ b/lib/iscsi/iscsi.c @@ -1442,9 +1442,16 @@ spdk_iscsi_op_login_session_normal(struct spdk_iscsi_conn *conn, memset(conn->target_short_name, 0, MAX_TARGET_NAME); target_short_name = strstr(target_name, ":"); - if (target_short_name != NULL) - strncpy(conn->target_short_name, target_short_name + 1, - MAX_TARGET_NAME); + if (target_short_name != NULL) { + target_short_name++; /* Advance past the ':' */ + if (strlen(target_short_name) >= MAX_TARGET_NAME) { + SPDK_ERRLOG("Target Short Name (%s) is more than %u characters\n", + target_short_name, MAX_TARGET_NAME); + return rc; + } + snprintf(conn->target_short_name, MAX_TARGET_NAME, "%s", + target_short_name); + } pthread_mutex_lock(&g_spdk_iscsi.mutex); rc = spdk_iscsi_op_login_check_target(conn, rsp_pdu, target_name, diff --git a/lib/scsi/port.c b/lib/scsi/port.c index 1ede92334..14fc4a93d 100644 --- a/lib/scsi/port.c +++ b/lib/scsi/port.c @@ -38,13 +38,13 @@ int spdk_scsi_port_construct(struct spdk_scsi_port *port, uint64_t id, uint16_t index, const char *name) { - if (strlen(name) > sizeof(port->name)) { + if (strlen(name) >= sizeof(port->name)) { SPDK_ERRLOG("port name too long\n"); return -1; } port->id = id; port->index = index; - strncpy(port->name, name, sizeof(port->name)); + snprintf(port->name, sizeof(port->name), "%s", name); return 0; }