| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210517095513.850-6-xieyongji@bytedance.com>
Date: Mon, 17 May 2021 17:55:06 +0800
From: Xie Yongji <xieyongji@...edance.com>
To: mst@...hat.com, jasowang@...hat.com, stefanha@...hat.com,
sgarzare@...hat.com, parav@...dia.com, hch@...radead.org,
christian.brauner@...onical.com, rdunlap@...radead.org,
willy@...radead.org, viro@...iv.linux.org.uk, axboe@...nel.dk,
bcrl@...ck.org, corbet@....net, mika.penttila@...tfour.com,
dan.carpenter@...cle.com, joro@...tes.org
Cc: virtualization@...ts.linux-foundation.org, netdev@...r.kernel.org,
kvm@...r.kernel.org, linux-fsdevel@...r.kernel.org,
iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org
Subject: [PATCH v7 05/12] virtio_scsi: Add validation for residual bytes from response
This ensures that the residual bytes in response (might come
from an untrusted device) will not exceed the data buffer length.
Signed-off-by: Xie Yongji <xieyongji@...edance.com>
---
drivers/scsi/virtio_scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
index efcaf0674c8d..ad7d8cecec32 100644
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -97,7 +97,7 @@ static inline struct Scsi_Host *virtio_scsi_host(struct virtio_device *vdev)
static void virtscsi_compute_resid(struct scsi_cmnd *sc, u32 resid)
{
if (resid)
- scsi_set_resid(sc, resid);
+ scsi_set_resid(sc, min(resid, scsi_bufflen(sc)));
}
/*
--
2.11.0
Powered by blists - more mailing lists