From: HighPoint Linux Team Date: Mon, 15 Oct 2007 06:42:52 +0000 (+0800) Subject: [SCSI] hptiop: avoid buffer overflow when returning sense data X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0fec02c93f60fb44ba3a24a0d3e4a52521d34d3f;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [SCSI] hptiop: avoid buffer overflow when returning sense data The newer firmware may return more than 96 bytes of sense data when it does autosense. Truncate this to the size of the SCSI layer sense buffer to avoid an overrun. Signed-off-by: HighPoint Linux Team Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c index 8515054cdf70..0844331abb87 100644 --- a/drivers/scsi/hptiop.c +++ b/drivers/scsi/hptiop.c @@ -375,8 +375,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 _tag) scp->result = SAM_STAT_CHECK_CONDITION; memset(&scp->sense_buffer, 0, sizeof(scp->sense_buffer)); - memcpy(&scp->sense_buffer, - &req->sg_list, le32_to_cpu(req->dataxfer_length)); + memcpy(&scp->sense_buffer, &req->sg_list, + min(sizeof(scp->sense_buffer), + le32_to_cpu(req->dataxfer_length))); break; default: