[no subject]

From: Denis Arefev
Date: Mon Nov 21 2022 - 06:16:45 EST

Next message: Konrad Dybcio: "Re: [PATCH v4 2/2] clk: qcom: Add QDU1000 and QRU1000 GCC support"
Previous message: Maxim Levitsky: "Re: [PATCH 04/13] KVM: nSVM: clean up copying of int_ctl fields back to vmcb01/vmcb12"
Next in thread: Jason Yan: "Re:"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 21 Nov 2022 13:29:03 +0300
Subject: [PATCH] scsi:bfa: Eliminated buffer overflow

Buffer 'cmd->adapter_hwpath' of size 32 accessed at
bfad_bsg.c:101:103 can overflow, since its index 'i'
can have value 32 that is out of range.

Signed-off-by: Denis Arefev <arefev@xxxxxxxxx>
---
drivers/scsi/bfa/bfad_bsg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c
index be8dfbe13e90..78615ffc62ef 100644
--- a/drivers/scsi/bfa/bfad_bsg.c
+++ b/drivers/scsi/bfa/bfad_bsg.c
@@ -98,9 +98,9 @@ bfad_iocmd_ioc_get_info(struct bfad_s *bfad, void *cmd)

/* set adapter hw path */
strcpy(iocmd->adapter_hwpath, bfad->pci_name);
- for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32; i++)
+ for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32-2; i++)
;
- for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32; )
+ for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32-1; )
;
iocmd->adapter_hwpath[i] = '\0';
iocmd->status = BFA_STATUS_OK;
--
2.25.1

Next message: Konrad Dybcio: "Re: [PATCH v4 2/2] clk: qcom: Add QDU1000 and QRU1000 GCC support"
Previous message: Maxim Levitsky: "Re: [PATCH 04/13] KVM: nSVM: clean up copying of int_ctl fields back to vmcb01/vmcb12"
Next in thread: Jason Yan: "Re:"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]