2d89a50f96
The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".
This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.
PR: 215474
Reported by: Coverity
CID: 1009997 1010000
|
||
---|---|---|
.. | ||
aicasm | ||
ahc_eisa.c | ||
ahc_isa.c | ||
ahc_pci.c | ||
ahd_pci.c | ||
aic7xxx_93cx6.c | ||
aic7xxx_93cx6.h | ||
aic7xxx_inline.h | ||
aic7xxx_osm.c | ||
aic7xxx_osm.h | ||
aic7xxx_pci.c | ||
aic7xxx_reg_print.c | ||
aic7xxx_reg.h | ||
aic7xxx_seq.h | ||
aic7xxx.c | ||
aic7xxx.h | ||
aic7xxx.reg | ||
aic7xxx.seq | ||
aic79xx_inline.h | ||
aic79xx_osm.c | ||
aic79xx_osm.h | ||
aic79xx_pci.c | ||
aic79xx_reg_print.c | ||
aic79xx_reg.h | ||
aic79xx_seq.h | ||
aic79xx.c | ||
aic79xx.h | ||
aic79xx.reg | ||
aic79xx.seq | ||
aic7770.c | ||
aic_osm_lib.c | ||
aic_osm_lib.h |