summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHighPoint Linux Team <linux@highpoint-tech.com>2007-10-15 06:42:52 (GMT)
committerJames Bottomley <jejb@mulgrave.localdomain>2007-10-18 01:56:13 (GMT)
commit0fec02c93f60fb44ba3a24a0d3e4a52521d34d3f (patch)
treef46f69d450964347e0251a81133ab7ac2af784d9
parent7a39ac3f25bef018862a991d754aff681c019127 (diff)
downloadlinux-fsl-qoriq-0fec02c93f60fb44ba3a24a0d3e4a52521d34d3f.tar.xz
[SCSI] hptiop: avoid buffer overflow when returning sense data
The newer firmware may return more than 96 bytes of sense data when it does autosense. Truncate this to the size of the SCSI layer sense buffer to avoid an overrun. Signed-off-by: HighPoint Linux Team <linux@highpoint-tech.com> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
-rw-r--r--drivers/scsi/hptiop.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
index 8515054..0844331 100644
--- a/drivers/scsi/hptiop.c
+++ b/drivers/scsi/hptiop.c
@@ -375,8 +375,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 _tag)
scp->result = SAM_STAT_CHECK_CONDITION;
memset(&scp->sense_buffer,
0, sizeof(scp->sense_buffer));
- memcpy(&scp->sense_buffer,
- &req->sg_list, le32_to_cpu(req->dataxfer_length));
+ memcpy(&scp->sense_buffer, &req->sg_list,
+ min(sizeof(scp->sense_buffer),
+ le32_to_cpu(req->dataxfer_length)));
break;
default: