Re: [PATCH] target: sbp: integer overflow and potential memory corruption

Fullway,

> The code in sbp_make_tpg() is confusing because tpgt was limited
> to UINT_MAX but the datatype of tpg->tport_tpgt is actually u16.
> Correctly fix the data type problem to avoid integer overflow.
>
> This is similar to CVE-2015-4036 in the sense that sbp is a clone
> of vhost/scsi, and the bug was inherited but never fixed.

> +#define SBP_MAX_TARGET	256
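
Review bot: the value 256 in the SBP_MAX_TARGET define carries no comment or rationale, while the commit message says tpg->tport_tpgt is a u16, which can hold values up to 65535. Either add a comment stating where the 256 limit comes from, or bound tpgt by the width of the field so the check follows the data type. The quoted line also does not show the comparison in sbp_make_tpg(), so confirm whether the bound is applied as >= or > and that the largest accepted tpgt is the intended one.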

Why 256?

-- 
Martin K. Petersen	Oracle Linux Engineering



