diff options
author | Leandro Lupori <luporl@FreeBSD.org> | 2020-03-02 16:11:25 +0000 |
---|---|---|
committer | Leandro Lupori <luporl@FreeBSD.org> | 2020-03-02 16:11:25 +0000 |
commit | 967c53ac2f75e2e27a3e17f3821f40fbe7d72e8c (patch) | |
tree | 7143a78f02f7b6f143a687e41d11521baddb89c1 | |
parent | 9c5d67e9425fd3611948faaf6ef6e7aa8c8f65a9 (diff) | |
download | src-967c53ac2f75e2e27a3e17f3821f40fbe7d72e8c.tar.gz src-967c53ac2f75e2e27a3e17f3821f40fbe7d72e8c.zip |
[aacraid] Prevent sense data from causing a buffer overflow
This issue was observed on a PowerPC64 machine with an Adaptec RAID
Controller with PCI device ID 0x028d, where sense data was causing a
buffer overflow because of wrong max sense length logic.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D23667
Notes
Notes:
svn path=/head/; revision=358550
-rw-r--r-- | sys/dev/aacraid/aacraid_cam.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/aacraid/aacraid_cam.c b/sys/dev/aacraid/aacraid_cam.c index 3f5a4c2d3a47..f35b631daad6 100644 --- a/sys/dev/aacraid/aacraid_cam.c +++ b/sys/dev/aacraid/aacraid_cam.c @@ -1182,7 +1182,7 @@ aac_cam_complete(struct aac_command *cm) scsi_sense_len) ? scsi_sense_len : srbr->sense_len; bcopy(&srbr->sense[0], &ccb->csio.sense_data, - srbr->sense_len); + sense_len); ccb->csio.sense_len = sense_len; ccb->ccb_h.status |= CAM_AUTOSNS_VALID; // scsi_sense_print(&ccb->csio); |