Menu
▾
▴
[Scst-svn] [master] qla2x00t-32gbit: Fix buffer overrun
|
From: Gleb C. <lna...@ya...> - 2023-07-19 08:46:24
|
Commit: beabef8 GitHub URL: https://github.com/SCST-project/scst/commit/beabef8afc73404ec92255e7a955cd1d64ba539e Author: Gleb Chesnokov Date: 2023-07-19T11:45:31+03:00 Log Message: ----------- qla2x00t-32gbit: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index Out of Bounds Driver uses fc_els_flogi to calculate size of buffer. The actual buffer is nested inside of fc_els_flogi which is smaller. Replace structure name to allow proper size calculation. Cc: st...@vg... Signed-off-by: Quinn Tran <qu...@ma...> Signed-off-by: Nilesh Javali <nj...@ma...> Link: https://lore.kernel.org/r/202...@ma... Reviewed-by: Himanshu Madhani <him...@or...> Signed-off-by: Martin K. Petersen <mar...@or...> [ commit b68710a8094f upstream ] Modified Paths: -------------- qla2x00t-32gbit/qla_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) =================================================================== diff --git a/qla2x00t-32gbit/qla_init.c b/qla2x00t-32gbit/qla_init.c index 3a5edf3..88da7b5 100644 --- a/qla2x00t-32gbit/qla_init.c +++ b/qla2x00t-32gbit/qla_init.c @@ -5552,7 +5552,7 @@ static void qla_get_login_template(scsi_qla_host_t *vha) __be32 *q; memset(ha->init_cb, 0, ha->init_cb_size); - sz = min_t(int, sizeof(struct fc_els_flogi), ha->init_cb_size); + sz = min_t(int, sizeof(struct fc_els_csp), ha->init_cb_size); rval = qla24xx_get_port_login_templ(vha, ha->init_cb_dma, ha->init_cb, sz); if (rval != QLA_SUCCESS) { |