Re: [PATCH 4.4 022/105] libata: zpodd: small read overflow in eject_tray()
From: Ben Hutchings
Date: Fri Jul 20 2018 - 10:20:25 EST
On Sun, 2018-07-01 at 18:01 +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.ÂÂIf anyone has any objections, please let me know.
>
> ------------------
>
> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> commit 18c9a99bce2a57dfd7e881658703b5d7469cc7b9 upstream.
>
> We read from the cdb[] buffer in ata_exec_internal_sg().ÂÂIt has to be
> ATAPI_CDB_LEN (16) bytes long, but this buffer is only 12 bytes.
zpodd_get_mech_type() appears to have the same problem.
Ben.
> Fixes: 213342053db5 ("libata: handle power transition of ODD")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[...]
--
Ben Hutchings, Software Developer  Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom