Bug #14797

closed

scsi_cname is unsafe

Added by Garrett D'Amore 5 months ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:
External Bug:

Description

scsi_cname uses a global buffer (without any locking etc.) and returns a pointer to it if the input command cannot be decoded.

Probably it should be changed to just return a fixed value, instead of a variable string.

Arguably the callers could do something better here, or we could provide scratch space from the caller.

Actions #1

Updated by Garrett D'Amore 5 months ago

The only in-gate consumer of this API is scsa2usb, which also emits the code byte.

So there is no need to do a variable formatted string. We can just make the string a fixed string without using a scratch buffer at all. This does not violate the documented behavior, and it is suspected that there may not be any other callers for this function outside of scsa2usb anywhere.
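A simplified model of the hazard and of the fixed-string approach discussed in this ticket, added here as an example and not taken from the illumos source or from the commit. The names `cname_unsafe`, `cname_fixed`, `first_result_clobbered`, the table contents and the text `<unknown command>` are all constructed for illustration; a second sequential lookup stands in for a concurrent caller.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table: byte 0 of each entry is the opcode, the rest is its name. */
static const char *cmdvec[] = { "\x12inquiry", "\x25read_capacity", NULL };

static char rmsg[32];	/* one scratch buffer shared by every caller, no lock */

/* Before: a miss formats into the shared buffer and returns a pointer to it. */
const char *
cname_unsafe(unsigned char cmd, const char **vec)
{
	for (; *vec != NULL; vec++)
		if ((unsigned char)**vec == cmd)
			return (*vec + 1);
	(void) snprintf(rmsg, sizeof (rmsg), "<undecoded cmd 0x%x>", cmd);
	return (rmsg);
}

/* After: a miss returns a constant, so no writable state is shared. */
const char *
cname_fixed(unsigned char cmd, const char **vec)
{
	for (; *vec != NULL; vec++)
		if ((unsigned char)**vec == cmd)
			return (*vec + 1);
	return ("<unknown command>");	/* placeholder text, not the commit's */
}

/* Returns 1 if a later lookup changed the text behind an earlier result. */
int
first_result_clobbered(const char *(*fn)(unsigned char, const char **))
{
	char snapshot[32];
	const char *first = fn(0xee, cmdvec);

	(void) snprintf(snapshot, sizeof (snapshot), "%s", first);
	(void) fn(0xff, cmdvec);	/* stands in for a concurrent caller */
	return (strcmp(first, snapshot) != 0);
}

int
main(void)
{
	printf("unsafe clobbered: %d\n", first_result_clobbered(cname_unsafe));
	printf("fixed clobbered:  %d\n", first_result_clobbered(cname_fixed));
	return (0);
}
```

With real concurrency the overwrite can also land while another thread is still reading the buffer, so the reader may see a mix of two messages rather than a clean replacement.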

Actions #2

Updated by Electric Monk 5 months ago

  • Gerrit CR set to 2228
Actions #3

Updated by Garrett D'Amore 5 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 90
  • Difficulty changed from Medium to Bite-size
  • Gerrit CR deleted (2228)
Actions #4

Updated by Garrett D'Amore 5 months ago

  • Gerrit CR set to 2228
Actions #5

Updated by Electric Monk 5 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

git commit f81518d2d2ef63a80422631582fa82f0f956a850

commit  f81518d2d2ef63a80422631582fa82f0f956a850
Author: Garrett D'Amore <garrett@damore.org>
Date:   2022-07-14T20:33:31.000Z

    14797 scsi_cname is unsafe
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Igor Kozhukhov <igor@dilos.org>
    Approved by: Dan McDonald <danmcd@mnx.io>
