diff options
author | Kees Cook | 2021-06-16 14:24:08 -0700 |
---|---|---|
committer | Martin K. Petersen | 2021-06-18 23:25:27 -0400 |
commit | 4ab293c2809efa1499c3290ff007d98a9ee2fab2 (patch) | |
tree | 29d1f081583646ea301a160b05d368914b2a4bbe /net/mac80211/ethtool.c | |
parent | d8b34a32a44078abef55e9fee5b3ddc7755d7c30 (diff) |
scsi: ips: Avoid over-read of sense buffer
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy() avoid intentionally reading across
neighboring array fields.
scb->scsi_cmd->sense_buffer is 96 bytes:
#define SCSI_SENSE_BUFFERSIZE 96
tapeDCDB->sense_info is 56 bytes:
typedef struct {
...
uint8_t sense_info[56];
} IPS_DCDB_TABLE_TAPE, ...
scb->dcdb.sense_info is 64 bytes:
typedef struct {
...
uint8_t sense_info[64];
...
} IPS_DCDB_TABLE, ...
Copying 96 bytes from either was copying beyond the end of the respective
buffers, leading to potential memory content exposures. Correctly copy the
actual buffer contents and zero pad the remaining bytes.
Link: https://lore.kernel.org/r/20210616212408.1726812-1-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'net/mac80211/ethtool.c')
0 files changed, 0 insertions, 0 deletions