Re: [PATCH] fix: lpfc_send_rscn_event sends bigger buffer size
From: Hannes Reinecke
Date: Wed Aug 26 2015 - 08:53:19 EST
On 08/20/2015 01:35 PM, Ales Novak wrote:
> lpfc_send_rscn_event() allocates data for sizeof(struct
> lpfc_rscn_event_header) + payload_len, but claims that the data has size
> of sizeof(struct lpfc_els_event_header) + payload_len. That leads to
> buffer overruns.
>
> Signed-off-by: Ales Novak <alnovak@xxxxxxx>
> ---
> drivers/scsi/lpfc/lpfc_els.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
> index 36bf58b..136928e 100644
> --- a/drivers/scsi/lpfc/lpfc_els.c
> +++ b/drivers/scsi/lpfc/lpfc_els.c
> @@ -5444,7 +5444,7 @@ lpfc_send_rscn_event(struct lpfc_vport *vport,
>
> fc_host_post_vendor_event(shost,
> fc_get_event_number(),
> - sizeof(struct lpfc_els_event_header) + payload_len,
> + sizeof(struct lpfc_rscn_event_header) + payload_len,
> (char *)rscn_event_data,
> LPFC_NL_VENDOR_ID);
>
>
Reviewed-by: Hannes Reinecke <hare@xxxxxxx>
Cheers,
Hannes
--
Dr. Hannes Reinecke zSeries & Storage
hare@xxxxxxx +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/