linux-stable/drivers/scsi/arcmsr
Kees Cook 86a6a0bdbe scsi: arcmsr: Avoid over-read of sense buffer
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

pcmd->sense_buffer is 96 bytes, and was being manually zero-filled.
However, struct SENSE_DATA is 18 bytes, with ccb->arcmsr_cdb.SenseData only
being 15 bytes, resulting in a 3 byte over-read.

Copy only the contents of ccb->arcmsr_cdb.SenseData and zero fill the
remainder, avoiding potential over-reads.

Link: https://lore.kernel.org/r/20210616212428.1726958-1-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-06-18 23:26:33 -04:00
..
arcmsr.h scsi: arcmsr: Update driver version to v1.50.00.05-20210429 2021-05-21 16:55:32 -04:00
arcmsr_attr.c scsi: docs: convert arcmsr_spec.txt to ReST 2020-03-11 23:08:03 -04:00
arcmsr_hba.c scsi: arcmsr: Avoid over-read of sense buffer 2021-06-18 23:26:33 -04:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00