git.baikalelectronics.ru Git - kernel.git/commit

author	James Smart <jsmart2021@gmail.com>
	Tue, 28 Jan 2020 00:23:07 +0000 (16:23 -0800)
committer	Martin K. Petersen <martin.petersen@oracle.com>
	Tue, 11 Feb 2020 03:46:56 +0000 (22:46 -0500)
commit	f6b1f9511276fd0fbefdbbf3e57cea034b45585d
tree	6d4c886867633228f57e4a477684e64930c4b5a5	tree \| snapshot
parent	00449d8277b5b33c3f5cc71f83bd0729f0e16262	commit \| diff

scsi: lpfc: Fix coverity errors in fmdi attribute handling

Coverity reported a memory corruption error for the fdmi attributes
routines:

CID 15768 [Memory Corruption] Out-of-bounds access on FDMI

Sloppy coding of the fmdi structures. In both the lpfc_fdmi_attr_def and
lpfc_fdmi_reg_port_list structures, a field was placed at the start of
payload that may have variable content. The field was given an arbitrary
type (uint32_t). The code then uses the field name to derive an address,
which it used in things such as memset and memcpy. The memset sizes or
memcpy lengths were larger than the arbitrary type, thus coverity reported
an error.

Fix by replacing the arbitrary fields with the real field structures
describing the payload.

Link: https://lore.kernel.org/r/20200128002312.16346-8-jsmart2021@gmail.com
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/lpfc/lpfc_ct.c		diff \| blob \| history
drivers/scsi/lpfc/lpfc_hw.h		diff \| blob \| history