aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeandro Lupori <luporl@FreeBSD.org>2020-03-02 16:11:25 +0000
committerLeandro Lupori <luporl@FreeBSD.org>2020-03-02 16:11:25 +0000
commit967c53ac2f75e2e27a3e17f3821f40fbe7d72e8c (patch)
tree7143a78f02f7b6f143a687e41d11521baddb89c1
parent9c5d67e9425fd3611948faaf6ef6e7aa8c8f65a9 (diff)
downloadsrc-967c53ac2f75e2e27a3e17f3821f40fbe7d72e8c.tar.gz
src-967c53ac2f75e2e27a3e17f3821f40fbe7d72e8c.zip
[aacraid] Prevent sense data from causing a buffer overflow
This issue was observed on a PowerPC64 machine with an Adaptec RAID Controller with PCI device ID 0x028d, where sense data was causing a buffer overflow because of wrong max sense length logic. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D23667
Notes
Notes: svn path=/head/; revision=358550
Diffstat
-rw-r--r--sys/dev/aacraid/aacraid_cam.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/aacraid/aacraid_cam.c b/sys/dev/aacraid/aacraid_cam.c
index 3f5a4c2d3a47..f35b631daad6 100644
--- a/sys/dev/aacraid/aacraid_cam.c
+++ b/sys/dev/aacraid/aacraid_cam.c
@@ -1182,7 +1182,7 @@ aac_cam_complete(struct aac_command *cm)
scsi_sense_len) ? scsi_sense_len :
srbr->sense_len;
bcopy(&srbr->sense[0], &ccb->csio.sense_data,
- srbr->sense_len);
+ sense_len);
ccb->csio.sense_len = sense_len;
ccb->ccb_h.status |= CAM_AUTOSNS_VALID;
// scsi_sense_print(&ccb->csio);
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-23 23:26:45 +0000