[PATCH] target: iscsi: iscsi_target_tpg.c: Cleaning up possible size overwriting in conjunction with sprintf

Sun, 12 Oct 2014 10:55:26 -0700 

Changed same snprintf and sprintf to strlcpy and strlcat.
This will guarantee that the string size is not overwritten,
and they are significantly faster than sprintf also.

Signed-off-by: Rickard Strandqvist <rickard_strandqv...@spectrumdigital.se>
---
 drivers/target/iscsi/iscsi_target_tpg.c |   16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target_tpg.c 
b/drivers/target/iscsi/iscsi_target_tpg.c
index c3cb5c1..6fc8bfe 100644
--- a/drivers/target/iscsi/iscsi_target_tpg.c
+++ b/drivers/target/iscsi/iscsi_target_tpg.c
@@ -608,7 +608,6 @@ int iscsit_tpg_set_initiator_node_queue_depth(
 int iscsit_ta_authentication(struct iscsi_portal_group *tpg, u32 
authentication)
 {
        unsigned char buf1[256], buf2[256], *none = NULL;
-       int len;
        struct iscsi_param *param;
        struct iscsi_tpg_attrib *a = &tpg->tpg_attrib;
 
@@ -626,34 +625,33 @@ int iscsit_ta_authentication(struct iscsi_portal_group 
*tpg, u32 authentication)
                return -EINVAL;
 
        if (authentication) {
-               snprintf(buf1, sizeof(buf1), "%s", param->value);
+               strlcpy(buf1, param->value, sizeof(buf1));
                none = strstr(buf1, NONE);
                if (!none)
                        goto out;
                if (!strncmp(none + 4, ",", 1)) {
                        if (!strcmp(buf1, none))
-                               sprintf(buf2, "%s", none+5);
+                               strlcpy(buf2, none+5, sizeof(buf2));
                        else {
                                none--;
                                *none = '\0';
-                               len = sprintf(buf2, "%s", buf1);
+                               strlcpy(buf2, buf1, sizeof(buf2));
                                none += 5;
-                               sprintf(buf2 + len, "%s", none);
+                               strlcat(buf2, none, sizeof(buf2));
                        }
                } else {
                        none--;
                        *none = '\0';
-                       sprintf(buf2, "%s", buf1);
+                       strlcpy(buf2, buf1, sizeof(buf2));
                }
                if (iscsi_update_param_value(param, buf2) < 0)
                        return -EINVAL;
        } else {
-               snprintf(buf1, sizeof(buf1), "%s", param->value);
+               strlcpy(buf1, param->value, sizeof(buf1));
                none = strstr(buf1, NONE);
                if (none)
                        goto out;
-               strncat(buf1, ",", strlen(","));
-               strncat(buf1, NONE, strlen(NONE));
+               strlcat(buf1, ","  NONE , sizeof(buf1));
                if (iscsi_update_param_value(param, buf1) < 0)
                        return -EINVAL;
        }
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to