From mboxrd@z Thu Jan  1 00:00:00 1970
From: Robert Love <robert.w.love@intel.com>
Subject: [PATCH 17/24] libfc: fix symbolic name registrations smashing skb data
Date: Fri, 18 Sep 2009 15:50:32 -0700
Message-ID: <20090918225032.5928.46985.stgit@localhost.localdomain>
References: <20090918224847.5928.52092.stgit@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Return-path: <linux-scsi-owner@vger.kernel.org>
Received: from mga01.intel.com ([192.55.52.88]:7614 "EHLO mga01.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1758823AbZIRWu3 (ORCPT <rfc822;linux-scsi@vger.kernel.org>);
	Fri, 18 Sep 2009 18:50:29 -0400
In-Reply-To: <20090918224847.5928.52092.stgit@localhost.localdomain>
Sender: linux-scsi-owner@vger.kernel.org
List-Id: linux-scsi@vger.kernel.org
To: James.Bottomley@HansenPartnership.com, linux-scsi@vger.kernel.org
Cc: Joe Eykholt <jeykholt@cisco.com>, Robert Love <robert.w.love@intel.com>

From: Joe Eykholt <jeykholt@cisco.com>

The strncpy for RSPN_ID and RSNN_NN requests was padding
past the allocated frame size.

Get the string length before filling in the ct header.

Signed-off-by: Joe Eykholt <jeykholt@cisco.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
---

 include/scsi/fc_encode.h |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/include/scsi/fc_encode.h b/include/scsi/fc_encode.h
index c8968d3..ab2260c 100644
--- a/include/scsi/fc_encode.h
+++ b/include/scsi/fc_encode.h
@@ -111,6 +111,7 @@ static inline int fc_ct_fill(struct fc_lport *lport,
 		      enum fc_fh_type *fh_type)
 {
 	struct fc_ct_req *ct;
+	size_t len;
 
 	switch (op) {
 	case FC_NS_GPN_FT:
@@ -138,22 +139,22 @@ static inline int fc_ct_fill(struct fc_lport *lport,
 		break;
 
 	case FC_NS_RSPN_ID:
-		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn));
+		len = strnlen(fc_host_symbolic_name(lport->host), 255);
+		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn) + len);
 		hton24(ct->payload.spn.fr_fid.fp_fid,
 		       fc_host_port_id(lport->host));
 		strncpy(ct->payload.spn.fr_name,
-			fc_host_symbolic_name(lport->host), 255);
-		ct->payload.spn.fr_name_len =
-			strnlen(ct->payload.spn.fr_name, 255);
+			fc_host_symbolic_name(lport->host), len);
+		ct->payload.spn.fr_name_len = len;
 		break;
 
 	case FC_NS_RSNN_NN:
-		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn));
+		len = strnlen(fc_host_symbolic_name(lport->host), 255);
+		ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn) + len);
 		put_unaligned_be64(lport->wwnn, &ct->payload.snn.fr_wwn);
 		strncpy(ct->payload.snn.fr_name,
-			fc_host_symbolic_name(lport->host), 255);
-		ct->payload.snn.fr_name_len =
-			strnlen(ct->payload.snn.fr_name, 255);
+			fc_host_symbolic_name(lport->host), len);
+		ct->payload.snn.fr_name_len = len;
 		break;
 
 	default: