| From stable-bounces@linux.kernel.org Tue Oct 16 15:28:18 2007 |
| From: HighPoint Linux Team <linux@highpoint-tech.com> |
| Date: Tue, 16 Oct 2007 14:28:24 -0700 |
| Subject: hptiop: avoid buffer overflow when returning sense data |
| To: James.Bottomley@steeleye.com |
| Cc: akpm@linux-foundation.org, linux@highpoint-tech.com, stable@kernel.org, linux-scsi@vger.kernel.org |
| Message-ID: <200710162128.l9GLSORo018187@imap1.linux-foundation.org> |
| |
| |
| From: HighPoint Linux Team <linux@highpoint-tech.com> |
| |
| patch 0fec02c93f60fb44ba3a24a0d3e4a52521d34d3f in mainline. |
| |
| avoid buffer overflow when returning sense data. |
| |
| With current adapter firmware the driver is working but future firmware |
| updates may return sense data larger than 96 bytes, causing overflow on |
| scp->sense_buffer and a kernel crash. |
| |
| This fix should be backported to earlier kernels. |
| |
| Signed-off-by: HighPoint Linux Team <linux@highpoint-tech.com> |
| Signed-off-by: James Bottomley <James.Bottomley@steeleye.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/scsi/hptiop.c | 5 +++-- |
| 1 file changed, 3 insertions(+), 2 deletions(-) |
| |
| --- a/drivers/scsi/hptiop.c |
| +++ b/drivers/scsi/hptiop.c |
| @@ -365,8 +365,9 @@ static void hptiop_host_request_callback |
| scp->result = SAM_STAT_CHECK_CONDITION; |
| memset(&scp->sense_buffer, |
| 0, sizeof(scp->sense_buffer)); |
| - memcpy(&scp->sense_buffer, |
| - &req->sg_list, le32_to_cpu(req->dataxfer_length)); |
| + memcpy(&scp->sense_buffer, &req->sg_list, |
| + min(sizeof(scp->sense_buffer), |
| + le32_to_cpu(req->dataxfer_length))); |
| break; |
| |
| default: |
