For Target Portal Group IDs occupying the full 2 bytes in the RTPG
response, the following group_id check in alua_rtpg() always fails
because 'ucp' is only a signed char:
if (h->group_id == (ucp[2] << 8) + ucp[3]) {
Fix this signed char overflow by changing 'ucp' to an unsigned char
pointer (same type used for 'buff' member of alua_dh_data structure).
Reported-by: Martin George <marting@xxxxxxxxxx>
Signed-off-by: Mike Snitzer <snitzer@xxxxxxxxxx>
---
drivers/scsi/device_handler/scsi_dh_alua.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
index 6b72932..536df91 100644
--- a/drivers/scsi/device_handler/scsi_dh_alua.c
+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
@@ -545,7 +545,7 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_dh_data *h)
{
struct scsi_sense_hdr sense_hdr;
int len, k, off, valid_states = 0;
- char *ucp;
+ unsigned char *ucp;
unsigned err;
unsigned long expiry, interval = 10;
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
