[PATCH 38/54] libfc: fix symbolic name registrations smashing skb data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Joe Eykholt <jeykholt@xxxxxxxxx>

The strncpy for RSPN_ID and RSNN_NN requests was padding
past the allocated frame size.

Get the string length before filling in the ct header.

Signed-off-by: Joe Eykholt <jeykholt@xxxxxxxxx>
Signed-off-by: Robert Love <robert.w.love@xxxxxxxxx>
---

 include/scsi/fc_encode.h |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/include/scsi/fc_encode.h b/include/scsi/fc_encode.h
index c8968d3..ab2260c 100644
--- a/include/scsi/fc_encode.h
+++ b/include/scsi/fc_encode.h
@@ -111,6 +111,7 @@ static inline int fc_ct_fill(struct fc_lport *lport,
 		      enum fc_fh_type *fh_type)
 {
 	struct fc_ct_req *ct;
+	size_t len;
 
 	switch (op) {
 	case FC_NS_GPN_FT:
@@ -138,22 +139,22 @@ static inline int fc_ct_fill(struct fc_lport *lport,
 		break;
 
 	case FC_NS_RSPN_ID:
-		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn));
+		len = strnlen(fc_host_symbolic_name(lport->host), 255);
+		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn) + len);
 		hton24(ct->payload.spn.fr_fid.fp_fid,
 		       fc_host_port_id(lport->host));
 		strncpy(ct->payload.spn.fr_name,
-			fc_host_symbolic_name(lport->host), 255);
-		ct->payload.spn.fr_name_len =
-			strnlen(ct->payload.spn.fr_name, 255);
+			fc_host_symbolic_name(lport->host), len);
+		ct->payload.spn.fr_name_len = len;
 		break;
 
 	case FC_NS_RSNN_NN:
-		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn));
+		len = strnlen(fc_host_symbolic_name(lport->host), 255);
+		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn) + len);
 		put_unaligned_be64(lport->wwnn, &ct->payload.snn.fr_wwn);
 		strncpy(ct->payload.snn.fr_name,
-			fc_host_symbolic_name(lport->host), 255);
-		ct->payload.snn.fr_name_len =
-			strnlen(ct->payload.snn.fr_name, 255);
+			fc_host_symbolic_name(lport->host), len);
+		ct->payload.snn.fr_name_len = len;
 		break;
 
 	default:

--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux