| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210528181337.792268-4-keescook@chromium.org>
Date: Fri, 28 May 2021 11:13:37 -0700
From: Kees Cook <keescook@...omium.org>
To: "Martin K . Petersen" <martin.petersen@...cle.com>
Cc: Kees Cook <keescook@...omium.org>, Hannes Reinecke <hare@...e.de>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Bradley Grove <linuxdrivers@...otech.com>,
Artur Paszkiewicz <artur.paszkiewicz@...el.com>,
linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: [PATCH 3/3] scsi: isci: Use correctly sized target buffer for memcpy()
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), avoid intentionally writing across
neighboring array fields.
Switch from rsp_ui to resp_buf, since resp_ui isn't SSP_RESP_IU_MAX_SIZE
bytes in length. This avoids future compile-time warnings.
Signed-off-by: Kees Cook <keescook@...omium.org>
---
drivers/scsi/isci/task.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/isci/task.c b/drivers/scsi/isci/task.c
index 62062ed6cd9a..eeaec26ac324 100644
--- a/drivers/scsi/isci/task.c
+++ b/drivers/scsi/isci/task.c
@@ -709,8 +709,8 @@ isci_task_request_complete(struct isci_host *ihost,
tmf->status = completion_status;
if (tmf->proto == SAS_PROTOCOL_SSP) {
- memcpy(&tmf->resp.resp_iu,
- &ireq->ssp.rsp,
+ memcpy(tmf->resp.rsp_buf,
+ ireq->ssp.rsp_buf,
SSP_RESP_IU_MAX_SIZE);
} else if (tmf->proto == SAS_PROTOCOL_SATA) {
memcpy(&tmf->resp.d2h_fis,
--
2.25.1
Powered by blists - more mailing lists