lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 28 May 2021 15:29:46 -0500
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Kees Cook <keescook@...omium.org>,
        "Martin K . Petersen" <martin.petersen@...cle.com>
Cc:     Hannes Reinecke <hare@...e.de>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Bradley Grove <linuxdrivers@...otech.com>,
        Artur Paszkiewicz <artur.paszkiewicz@...el.com>,
        linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH 3/3] scsi: isci: Use correctly sized target buffer for
 memcpy()



On 5/28/21 13:13, Kees Cook wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), avoid intentionally writing across
> neighboring array fields.
> 
> Switch from rsp_ui to resp_buf, since resp_ui isn't SSP_RESP_IU_MAX_SIZE
> bytes in length. This avoids future compile-time warnings.
> 
> Signed-off-by: Kees Cook <keescook@...omium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org>

Thanks
--
Gustavo

> ---
>  drivers/scsi/isci/task.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/scsi/isci/task.c b/drivers/scsi/isci/task.c
> index 62062ed6cd9a..eeaec26ac324 100644
> --- a/drivers/scsi/isci/task.c
> +++ b/drivers/scsi/isci/task.c
> @@ -709,8 +709,8 @@ isci_task_request_complete(struct isci_host *ihost,
>  		tmf->status = completion_status;
>  
>  		if (tmf->proto == SAS_PROTOCOL_SSP) {
> -			memcpy(&tmf->resp.resp_iu,
> -			       &ireq->ssp.rsp,
> +			memcpy(tmf->resp.rsp_buf,
> +			       ireq->ssp.rsp_buf,
>  			       SSP_RESP_IU_MAX_SIZE);
>  		} else if (tmf->proto == SAS_PROTOCOL_SATA) {
>  			memcpy(&tmf->resp.d2h_fis,
> 

Powered by blists - more mailing lists