[PATCH] st: reject MTIOCTOP mt_count values out of range for the SPACE(6) scsi command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Values greater than 0x7FFFFF do not fit in the 24 bit big endian two's
complement integer for the underlying scsi SPACE(6) command.

Signed-off-by: Patrick Strateman <patrick.strateman@xxxxxxxxx>
---
 drivers/scsi/st.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c
index 43f7624508a9..190fa678d149 100644
--- a/drivers/scsi/st.c
+++ b/drivers/scsi/st.c
@@ -2719,6 +2719,22 @@ static int st_int_ioctl(struct scsi_tape *STp,
unsigned int cmd_in, unsigned lon
     blkno = STps->drv_block;
     at_sm = STps->at_sm;

+    switch (cmd_in) {
+    case MTFSFM:
+    case MTFSF:
+    case MTBSFM:
+    case MTBSF:
+    case MTFSR:
+    case MTBSR:
+    case MTFSS:
+    case MTBSS:
+        // count field for SPACE(6) is a 24 bit big endian two's
complement integer
+        if (arg > 0x7FFFFF) {
+            st_printk(ST_DEB_MSG, STp, "Cannot space more than
0x7FFFFF units.\n");
+            return (-EINVAL);
+        }
+    }
+
     memset(cmd, 0, MAX_COMMAND_SIZE);
     switch (cmd_in) {
     case MTFSFM:
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux