projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: df1c7ba) | patch
[SCSI] libiscsi_tcp: fix max_r2t manipulation
authorMike Christie <michaelc@cs.wisc.edu>
Fri, 27 Jan 2012 03:13:10 +0000 (21:13 -0600)
committerJames Bottomley <JBottomley@Parallels.com>
Sun, 19 Feb 2012 14:09:00 +0000 (08:09 -0600)
commit1304be5fe0efb42b7ec6a50dd8e1a9bce2adae17
treebc3d95ab7c1cc5d779df4696aaa138b7cbd89825tree | snapshot (tar.gz zip)
parentdf1c7baba1b7b3053950f3845a6575aca47ba9cecommit | diff
[SCSI] libiscsi_tcp: fix max_r2t manipulation

Problem description from Xi Wang:
A large max_r2t could lead to integer overflow in subsequent call to
iscsi_tcp_r2tpool_alloc(), allocating a smaller buffer than expected
and leading to out-of-bounds write.

Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
drivers/scsi/cxgbi/libcxgbi.c diff | blob | blame | history
drivers/scsi/iscsi_tcp.c diff | blob | blame | history
drivers/scsi/libiscsi.c diff | blob | blame | history
drivers/scsi/libiscsi_tcp.c diff | blob | blame | history
include/scsi/libiscsi.h diff | blob | blame | history
include/scsi/libiscsi_tcp.h diff | blob | blame | history