scsi: Protect against buffer possible overflow in scsi_set_sense_information
authorSagi Grimberg <sagig@mellanox.com>
Wed, 15 Jul 2015 07:55:37 +0000 (10:55 +0300)
committerNicholas Bellinger <nab@linux-iscsi.org>
Fri, 24 Jul 2015 05:53:05 +0000 (22:53 -0700)
commitf5a8b3a796db01b639435515b3adc003b9f27387
tree3ff4e026ec2af94cbef2cef9d365a5faf141059c
parent12306b425d0dbab7b60f54e02d67cf3dfae494d1
scsi: Protect against buffer possible overflow in scsi_set_sense_information

Make sure that the input sense buffer has sufficient length
to fit the information descriptor (12 additional bytes).
Modify scsi_set_sense_information to receive the sense buffer
length and adjust its callers scsi target and libata.

(Fix patch fuzz in scsi_set_sense_information - nab)

Reported-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Tejun Heo <tj@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/ata/libata-scsi.c
drivers/scsi/scsi_common.c
drivers/target/target_core_transport.c
include/scsi/scsi_common.h