git.kernel.dk Git - linux-2.6-block.git/commit

author	James Smart <jsmart2021@gmail.com>
	Tue, 28 Jan 2020 00:23:07 +0000 (16:23 -0800)
committer	Martin K. Petersen <martin.petersen@oracle.com>
	Tue, 11 Feb 2020 03:46:56 +0000 (22:46 -0500)
commit	4cb9e1ddaa145be9ed67b6a7de98ca705a43f998
tree	6d4c886867633228f57e4a477684e64930c4b5a5	tree \| snapshot
parent	a99c80742af4b58bfd2d16cada8ee73cb9618649	commit \| diff

scsi: lpfc: Fix coverity errors in fmdi attribute handling

Coverity reported a memory corruption error for the fdmi attributes
routines:

CID 15768 [Memory Corruption] Out-of-bounds access on FDMI

Sloppy coding of the fmdi structures. In both the lpfc_fdmi_attr_def and
lpfc_fdmi_reg_port_list structures, a field was placed at the start of
payload that may have variable content. The field was given an arbitrary
type (uint32_t). The code then uses the field name to derive an address,
which it used in things such as memset and memcpy. The memset sizes or
memcpy lengths were larger than the arbitrary type, thus coverity reported
an error.

Fix by replacing the arbitrary fields with the real field structures
describing the payload.

Link: https://lore.kernel.org/r/20200128002312.16346-8-jsmart2021@gmail.com
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/lpfc/lpfc_ct.c		diff \| blob \| blame \| history
drivers/scsi/lpfc/lpfc_hw.h		diff \| blob \| blame \| history