[SCSI] hptiop: avoid buffer overflow when returning sense data
author HighPoint Linux Team <linux@highpoint-tech.com>
Mon, 15 Oct 2007 06:42:52 +0000 (14:42 +0800)
committer James Bottomley <jejb@mulgrave.localdomain>
Thu, 18 Oct 2007 01:56:13 +0000 (21:56 -0400)
The newer firmware may return more than 96 bytes of sense data when it
does autosense.  Truncate this to the size of the SCSI layer sense
buffer to avoid an overrun.

Signed-off-by: HighPoint Linux Team <linux@highpoint-tech.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
drivers/scsi/hptiop.c

index 8515054cdf703ef079f7525334c24865276fa11b..0844331abb87f6fb151bf3335134799a3c23576f 100644 (file)
@@ -375,8 +375,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 _tag)
                scp->result = SAM_STAT_CHECK_CONDITION;
                memset(&scp->sense_buffer,
                                0, sizeof(scp->sense_buffer));
-               memcpy(&scp->sense_buffer,
-                       &req->sg_list, le32_to_cpu(req->dataxfer_length));
+               memcpy(&scp->sense_buffer, &req->sg_list,
+                               min(sizeof(scp->sense_buffer),
+                                       le32_to_cpu(req->dataxfer_length)));
                break;
 
        default:
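
Review bot: In the new memcpy() length, min() is given operands of different types: sizeof(scp->sense_buffer) is a size_t while le32_to_cpu(req->dataxfer_length) is a 32-bit value, and the kernel's min() macro type-checks its arguments and warns on a mismatch. Use min_t(size_t, sizeof(scp->sense_buffer), le32_to_cpu(req->dataxfer_length)) so the clamp builds cleanly and the comparison is done in a single unsigned type. Since the length is supplied by the firmware, a one-line comment stating that it is clamped to the sense buffer size would also make the intent clear at the call site.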