Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers

To: "Petter Reinholdtsen" <pere@debian.org>, 1079642@bugs.debian.org
Cc: "Jérémy Lal" <kapouer@melix.org>
Subject: Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
From: "WHR" <whr@rivoreo.one>
Date: Mon, 26 Aug 2024 16:33:02 -0000
Message-id: <[🔎] c8edea3adcdc2244a1f8f7f4d64c173a.squirrel@_>
Reply-to: "WHR" <whr@rivoreo.one>, 1079642@bugs.debian.org
In-reply-to: <[🔎] sa6zfozg96a.fsf@hjemme.reinholdtsen.name>
References: <[🔎] 172461085669.935873.1267658374120228558.reportbug@beijing-router-cm.rivoreo> <[🔎] CAJxTCxzsxiztX72=pN00bWLhG4R9uuMbUcEjgnYH_HwMxLxE2w@mail.gmail.com> <[🔎] sa634msgt2d.fsf@hjemme.reinholdtsen.name> <[🔎] sa6zfozg96a.fsf@hjemme.reinholdtsen.name> <[🔎] 172461085669.935873.1267658374120228558.reportbug@beijing-router-cm.rivoreo>

> 
> I built and tested the source on a machine running testing, and it seem
> to work fine.  According to the compiler there are some potential buffer
> overflows:
> 
> gcc -I include -std=gnu99 -Wall -Wno-unused-value -Os   -c -o mfi_drive.o
> mfi_drive.c
> mfi_drive.c: In function ‘mfi_pdstate’:
> mfi_drive.c:160:40: warning: ‘%04x’ directive writing between 4 and 8 bytes
> into a region of size 7 [-Wformat-overflow=]
>   160 |                 sprintf(buf, "PSTATE 0x%04x", state);
>       |                                        ^~~~
> In function ‘mfi_pdstate’,
>     inlined from ‘mfi_pdstate’ at mfi_drive.c:136:1:
> mfi_drive.c:160:30: note: directive argument in the range [3, 4294967295]
>   160 |                 sprintf(buf, "PSTATE 0x%04x", state);
>       |                              ^~~~~~~~~~~~~~~
> mfi_drive.c:160:17: note: ‘sprintf’ output between 14 and 18 bytes into a
> destination of size 16
>   160 |                 sprintf(buf, "PSTATE 0x%04x", state);
>       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> mfi_drive.c: In function ‘mfi_pd_inq_string’:
> mfi_drive.c:418:57: warning: ‘ ’ directive output may be truncated writing 1
> byte into a region of size between 0 and 62 [-Wformat-truncation=]
>   418 |         snprintf(inq_string, sizeof(inq_string), "<%s %s %s
> serial=%s> %s", vendor,
>       |                                                         ^
> mfi_drive.c:418:9: note: ‘snprintf’ output between 14 and 121 bytes into a
> destination of size 64
>   418 |         snprintf(inq_string, sizeof(inq_string), "<%s %s %s
> serial=%s> %s", vendor,
>       |        
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   419 |             product, revision, serial, rstr);
>       |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> mfi_drive.c:401:65: warning: ‘ serial=’ directive output may be truncated
> writing 8 bytes into a region of size between 0 and 62
> [-Wformat-truncation=]
>   401 |                 snprintf(inq_string, sizeof(inq_string), "<%s %s
> serial=%s> SATA",
>       |                                                                
> ^~~~~~~~
> mfi_drive.c:401:17: note: ‘snprintf’ output between 17 and 98 bytes into a
> destination of size 64
>   401 |                 snprintf(inq_string, sizeof(inq_string), "<%s %s
> serial=%s> SATA",
>       |                
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   402 |                     product, revision, serial);
>       |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~
> gcc -I include -std=gnu99 -Wall -Wno-unused-value -Os   -c -o mfi_evt.o
> mfi_evt.c
> mfi_evt.c: In function ‘pdrive_location’:
> mfi_evt.c:343:64: warning: ‘snprintf’ output may be truncated before the
> last format character [-Wformat-truncation=]
>   343 |                 snprintf(buffer, sizeof(buffer), "%02d(e%d/s%d)",
> pd->device_id,
>       |                                                                ^
> mfi_evt.c:343:17: note: ‘snprintf’ output between 10 and 17 bytes into a
> destination of size 16
>   343 |                 snprintf(buffer, sizeof(buffer), "%02d(e%d/s%d)",
> pd->device_id,
>       |                
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   344 |                     pd->enclosure_index, pd->slot_number);
>       |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [...]
> gcc -I include -std=gnu99 -Wall -Wno-unused-value -Os   -c -o mfi_volume.o
> mfi_volume.c
> mfi_volume.c: In function ‘mfi_ldstate’:
> mfi_volume.c:59:40: warning: ‘%02x’ directive writing between 2 and 8 bytes
> into a region of size 7 [-Wformat-overflow=]
>    59 |                 sprintf(buf, "LSTATE 0x%02x", state);
>       |                                        ^~~~
> mfi_volume.c:59:30: note: directive argument in the range [4, 4294967295]
>    59 |                 sprintf(buf, "LSTATE 0x%02x", state);
>       |                              ^~~~~~~~~~~~~~~
> mfi_volume.c:59:17: note: ‘sprintf’ output between 12 and 18 bytes into a
> destination of size 16
>    59 |                 sprintf(buf, "LSTATE 0x%02x", state);
>       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Here is a patch to get rid of the compiler warnings.
> 
> diff --git a/mfi_drive.c b/mfi_drive.c
> index 9f726f3..1450621 100644
> --- a/mfi_drive.c
> +++ b/mfi_drive.c
> @@ -135,7 +135,7 @@ mfi_drive_name(const struct mfi_pd_info *info_p,
> uint16_t device_id, uint32_t de
>  const char *
>  mfi_pdstate(enum mfi_pd_state state)
>  {
> -       static char buf[16];
> +       static char buf[18];
> 
>         switch (state) {
>         case MFI_PD_STATE_UNCONFIGURED_GOOD:
> @@ -375,7 +375,7 @@ mfi_pd_inq_string(const struct mfi_pd_info *info)
>  {
>         struct scsi_inquiry_data iqd, *inq_data = &iqd;
>         char vendor[16], product[48], revision[16], rstr[12],
> serial[SID_VENDOR_SPECIFIC_0_SIZE];
> -       static char inq_string[64];
> +       static char inq_string[121];
> 
>         memcpy(inq_data, info->inquiry_data,
>             (sizeof (iqd) <  sizeof (info->inquiry_data))?
> diff --git a/mfi_evt.c b/mfi_evt.c
> index ad22bc8..b43be7e 100644
> --- a/mfi_evt.c
> +++ b/mfi_evt.c
> @@ -334,7 +334,7 @@ simple_hex(const void *ptr, size_t length, const char
> *separator)
>  static const char *
>  pdrive_location(const struct mfi_evt_pd *pd)
>  {
> -       static char buffer[16];
> +       static char buffer[17];
> 
>         if (pd->enclosure_index == 0) {
>                 snprintf(buffer, sizeof(buffer), "%02d(s%d)", pd->device_id,
> diff --git a/mfi_volume.c b/mfi_volume.c
> index cde2bb4..571333c 100644
> --- a/mfi_volume.c
> +++ b/mfi_volume.c
> @@ -44,7 +44,7 @@ MFI_TABLE(top, volume);
>  const char *
>  mfi_ldstate(enum mfi_ld_state state)
>  {
> -       static char buf[16];
> +       static char buf[18];
> 
>         switch (state) {
>         case MFI_LD_STATE_OFFLINE:
> 
> --
> Happy hacking
> Petter Reinholdtsen
> 

Hello.

I was writing a new section for the man page today. I will commit this patch
by tomorrow. Thanks.

Reply to:

Follow-Ups:
- Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
  - From: Petter Reinholdtsen <pere@hungry.com>

References:
- Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
  - From: WHR <whr@rivoreo.one>
- Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
  - From: Jérémy Lal <kapouer@melix.org>
- Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
  - From: Petter Reinholdtsen <pere@debian.org>
- Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
  - From: Petter Reinholdtsen <pere@debian.org>

Prev by Date: Processed: Change to ITP
Next by Date: Bug#1079728: ITP: golang-github-charmbracelet-log -- A minimal, colorful Go logging library
Previous by thread: Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
Next by thread: Bug#1079642: ITP: mfiutil -- Utility for managing LSI MegaRAID SAS controllers
Index(es):
- Date
- Thread