From: Manish Rangankar Date: Tue, 7 Aug 2012 11:57:13 +0000 (-0400) Subject: [SCSI] qla4xxx: Fix memory corruption issue in qla4xxx_ep_connect. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d46bdeb14447f0b7e4420c7b1525c8ad9f64ed1b;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git [SCSI] qla4xxx: Fix memory corruption issue in qla4xxx_ep_connect. In qla4xxx_ep_connect(), qla_ep->dst_addr and dst_addr are type struct sockaddr. We are copying sizeof(struct sockaddr_in6) bytes from dst_addr to qla_ep->dst_addr which is 12 bytes larger. This will cause memory corruption. So we change qla_ep->dst_addr to struct sockaddr_storage which is of 128 byte, large enough to hold sizeof(struct sockaddr_in6). Signed-off-by: Manish Rangankar Signed-off-by: Vikas Chaudhary Reviewed-by: Mike Christie Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h index 7fdba7f1ffb7..c298ee9002f7 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h @@ -752,7 +752,7 @@ struct ql4_task_data { struct qla_endpoint { struct Scsi_Host *host; - struct sockaddr dst_addr; + struct sockaddr_storage dst_addr; }; struct qla_conn { diff --git a/drivers/scsi/qla4xxx/ql4_mbx.c b/drivers/scsi/qla4xxx/ql4_mbx.c index cab8f665a41f..23a10ead3eb5 100644 --- a/drivers/scsi/qla4xxx/ql4_mbx.c +++ b/drivers/scsi/qla4xxx/ql4_mbx.c @@ -1695,7 +1695,7 @@ int qla4xxx_set_param_ddbentry(struct scsi_qla_host *ha, conn = cls_conn->dd_data; qla_conn = conn->dd_data; sess = conn->session; - dst_addr = &qla_conn->qla_ep->dst_addr; + dst_addr = (struct sockaddr *)&qla_conn->qla_ep->dst_addr; if (dst_addr->sa_family == AF_INET6) options |= IPV6_DEFAULT_DDB_ENTRY; diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c index 9da426628b97..77a969a4b375 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c @@ -1366,7 +1366,7 @@ static int qla4xxx_conn_get_param(struct iscsi_cls_conn *cls_conn, conn = cls_conn->dd_data; qla_conn = conn->dd_data; - dst_addr = &qla_conn->qla_ep->dst_addr; + dst_addr = (struct sockaddr *)&qla_conn->qla_ep->dst_addr; switch (param) { case ISCSI_PARAM_CONN_PORT: