* [PATCH] fix: lpfc_send_rscn_event sends bigger buffer size
@ 2015-08-20 11:35 Ales Novak
2015-08-26 12:53 ` Hannes Reinecke
0 siblings, 1 reply; 2+ messages in thread
From: Ales Novak @ 2015-08-20 11:35 UTC (permalink / raw)
To: James Smart, Dick Kennedy, James E.J. Bottomley, linux-scsi,
linux-kernel
Cc: Ales Novak
lpfc_send_rscn_event() allocates data for sizeof(struct
lpfc_rscn_event_header) + payload_len, but claims that the data has size
of sizeof(struct lpfc_els_event_header) + payload_len. That leads to
buffer overruns.
Signed-off-by: Ales Novak <alnovak@suse.cz>
---
drivers/scsi/lpfc/lpfc_els.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 36bf58b..136928e 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -5444,7 +5444,7 @@ lpfc_send_rscn_event(struct lpfc_vport *vport,
fc_host_post_vendor_event(shost,
fc_get_event_number(),
- sizeof(struct lpfc_els_event_header) + payload_len,
+ sizeof(struct lpfc_rscn_event_header) + payload_len,
(char *)rscn_event_data,
LPFC_NL_VENDOR_ID);
--
2.4.1.168.g1ea28e1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] fix: lpfc_send_rscn_event sends bigger buffer size
2015-08-20 11:35 [PATCH] fix: lpfc_send_rscn_event sends bigger buffer size Ales Novak
@ 2015-08-26 12:53 ` Hannes Reinecke
0 siblings, 0 replies; 2+ messages in thread
From: Hannes Reinecke @ 2015-08-26 12:53 UTC (permalink / raw)
To: Ales Novak, James Smart, Dick Kennedy, James E.J. Bottomley,
linux-scsi, linux-kernel
On 08/20/2015 01:35 PM, Ales Novak wrote:
> lpfc_send_rscn_event() allocates data for sizeof(struct
> lpfc_rscn_event_header) + payload_len, but claims that the data has size
> of sizeof(struct lpfc_els_event_header) + payload_len. That leads to
> buffer overruns.
>
> Signed-off-by: Ales Novak <alnovak@suse.cz>
> ---
> drivers/scsi/lpfc/lpfc_els.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
> index 36bf58b..136928e 100644
> --- a/drivers/scsi/lpfc/lpfc_els.c
> +++ b/drivers/scsi/lpfc/lpfc_els.c
> @@ -5444,7 +5444,7 @@ lpfc_send_rscn_event(struct lpfc_vport *vport,
>
> fc_host_post_vendor_event(shost,
> fc_get_event_number(),
> - sizeof(struct lpfc_els_event_header) + payload_len,
> + sizeof(struct lpfc_rscn_event_header) + payload_len,
> (char *)rscn_event_data,
> LPFC_NL_VENDOR_ID);
>
>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke zSeries & Storage
hare@suse.de +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-08-26 12:53 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-20 11:35 [PATCH] fix: lpfc_send_rscn_event sends bigger buffer size Ales Novak
2015-08-26 12:53 ` Hannes Reinecke
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).