Date: Mon, 2 Mar 2020 16:11:25 +0000 (UTC) From: Leandro Lupori <luporl@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r358550 - head/sys/dev/aacraid Message-ID: <202003021611.022GBPl6012938@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: luporl Date: Mon Mar 2 16:11:25 2020 New Revision: 358550 URL: https://svnweb.freebsd.org/changeset/base/358550 Log: [aacraid] Prevent sense data from causing a buffer overflow This issue was observed on a PowerPC64 machine with an Adaptec RAID Controller with PCI device ID 0x028d, where sense data was causing a buffer overflow because of wrong max sense length logic. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D23667 Modified: head/sys/dev/aacraid/aacraid_cam.c Modified: head/sys/dev/aacraid/aacraid_cam.c ============================================================================== --- head/sys/dev/aacraid/aacraid_cam.c Mon Mar 2 15:58:50 2020 (r358549) +++ head/sys/dev/aacraid/aacraid_cam.c Mon Mar 2 16:11:25 2020 (r358550) @@ -1182,7 +1182,7 @@ aac_cam_complete(struct aac_command *cm) scsi_sense_len) ? scsi_sense_len : srbr->sense_len; bcopy(&srbr->sense[0], &ccb->csio.sense_data, - srbr->sense_len); + sense_len); ccb->csio.sense_len = sense_len; ccb->ccb_h.status |= CAM_AUTOSNS_VALID; // scsi_sense_print(&ccb->csio);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003021611.022GBPl6012938>