Re: [PATCH] target: sbp: integer overflow and potential memory corruption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Fullway,

> The code in sbp_make_tpg() is confusing because tpgt was limited
> to UINT_MAX but the datatype of tpg->tport_tpgt is actually u16.
> Correctly fix the data type problem to avoid integer overflow.
>
> This is similar to CVE-2015-4036 in the sense that sbp is a clone
> of vhost/scsi, and the bug was inherited but never fixed.

> +#define SBP_MAX_TARGET	256

Why 256?

-- 
Martin K. Petersen	Oracle Linux Engineering
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux