Commit d1698dca authored by Marcin Spiewak, committed by Jim Harris

lib/nvmf: make sure ctrlr->hostnqn is NULL-terminated



This issue was found by Coverity.

In nvmf_ctrlr_create() function, the NQN is copied from
connect_data structure to ctrlr structure. While size of
ctrlr->hostnqn is 224 bytes, and connect_data->hostnqn is
256 bytes, we need to assure the last byte of ctrlr->hostnqn
(initialized to zero during allocation) is not overwritten,
to make sure the string is NULL-terminated.  We have to
copy 'SPDK_NVMF_NQN_MAX_LEN' bytes, while size of the
ctrl->hostnqn table is 'SPDK_NVMF_NQN_MAX_LEN + 1'.

Change-Id: I068c9f0bf3aae3f97b78e8c439ac7e5dd1302509
Signed-off-by: Marcin Spiewak <marcin.spiewak@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22718
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Jim Harris <jim.harris@samsung.com>
parent f387b7fe
+1 −1
@@ -487,7 +487,7 @@ nvmf_ctrlr_create(struct spdk_nvmf_subsystem *subsystem,
			1;

	spdk_uuid_copy(&ctrlr->hostid, (struct spdk_uuid *)connect_data->hostid);
	memcpy(ctrlr->hostnqn, connect_data->hostnqn, sizeof(ctrlr->hostnqn));
	memcpy(ctrlr->hostnqn, connect_data->hostnqn, SPDK_NVMF_NQN_MAX_LEN);

	ctrlr->visible_ns = spdk_bit_array_create(subsystem->max_nsid);
	if (!ctrlr->visible_ns) {
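
Review bot: the memcpy that now copies SPDK_NVMF_NQN_MAX_LEN bytes into ctrlr->hostnqn only yields a terminated string because of two facts this hunk does not show, namely that the destination is SPDK_NVMF_NQN_MAX_LEN + 1 bytes and that it was zeroed at allocation; both are stated only in the commit message. Consider making the guarantee local to the copy site, either by setting `ctrlr->hostnqn[SPDK_NVMF_NQN_MAX_LEN] = '\0';` right after the memcpy or by using `sizeof(ctrlr->hostnqn) - 1` as the length so the count follows the destination if the field is ever resized, and add a one-line comment saying the last byte is reserved for the terminator. Since the commit message gives connect_data->hostnqn as 256 bytes, a source NQN longer than the copied length is silently truncated by this copy; if an earlier check already rejects such input, a comment pointing to it would help the next reader.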