Hi Dan,
On Fri, Mar 17, 2017 at 05:10:26AM +0530, Dan Carpenter wrote:
> Hello Varun Prakash,
>
> The patch 9730ffcb8957: "cxgbit: add files for cxgbit.ko" from Apr
> 20, 2016, leads to the following static checker warning:
>
> drivers/target/iscsi/cxgbit/cxgbit_target.c:1442 cxgbit_lro_skb_merge()
> warn: buffer overflow 'ssi->frags' 17 <= 255
>
> drivers/target/iscsi/cxgbit/cxgbit_target.c:1464 cxgbit_lro_skb_merge()
> warn: buffer overflow 'ssi->frags' 17 <= 255
>
Following check in cxgbit_lro_receive() prevents buffer overflow
drivers/target/iscsi/cxgbit/cxgbit_main.c
373 static int
374 cxgbit_lro_receive(struct cxgbit_sock *csk, u8 op, const __be64 *rsp,
375 const struct pkt_gl *gl, struct t4_lro_mgr *lro_mgr,
376 struct napi_struct *napi)
377 {
...
403
404 add_packet:
405 skb = csk->lro_skb;
406 lro_cb = cxgbit_skb_lro_cb(skb);
407
408 if ((gl && (((skb_shinfo(skb)->nr_frags + gl->nfrags) >
409 MAX_SKB_FRAGS) || (lro_cb->pdu_totallen >= LRO_FLUSH_LEN_MAX))) ||
410 (lro_cb->pdu_idx >= MAX_SKB_FRAGS)) {
411 cxgbit_lro_flush(lro_mgr, skb);
412 goto start_lro;
413 }
414
...
423
424 out:
425 return -1;
426 }
Thanks
Varun
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
