projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2d15025)
target: Fix missing length check in spc_emulate_evpd_83()
authorRoland Dreier <roland@purestorage.com>
Mon, 3 Feb 2014 08:35:03 +0000 (00:35 -0800)
committerNicholas Bellinger <nab@linux-iscsi.org>
Wed, 12 Feb 2014 23:11:04 +0000 (15:11 -0800)
Commit fbfe858fea2a ("target_core_spc: Include target device
descriptor in VPD page 83") added a new length variable, but (due to a
cut and paste mistake?) just checks scsi_name_len against 256 twice.
Fix this to check scsi_target_len for overflow too.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/target_core_spc.c patch | blob | blame | history

diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c
index 43c5ca9878bc5b6f3f1d675c04779b245ccc1a22..3bebc71ea033908e8e64843ba98b295b030a78ad 100644 (file)
--- a/drivers/target/target_core_spc.c
+++ b/drivers/target/target_core_spc.c
@@ -440,8 +440,8 @@ check_scsi_name:
                padding = ((-scsi_target_len) & 3);
                if (padding)
                        scsi_target_len += padding;
-               if (scsi_name_len > 256)
-                       scsi_name_len = 256;
+               if (scsi_target_len > 256)
+                       scsi_target_len = 256;
 
                buf[off-1] = scsi_target_len;
                off += scsi_target_len;