Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 0256f875f23ac806e83befb3d7f3e7d545f59006
commit0256f875f23ac806e83befb3d7f3e7d545f59006[log] [tgz]
authorKees Cook <keescook@chromium.org>Tue May 09 15:34:44 2017 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat Dec 08 13:05:06 2018 +0100
tree1ee1237623e1709afb51d8e95e8dde6a6e9dfa24
parentb2b93631769364c4e40e8655d7e30915fddf69d3 [diff]
scsi: csiostor: Avoid content leaks and casts

commit 42c335f7e67029d2e01711f2f2bc6252277c8993 upstream.

When copying attributes, the len argument was padded out and the
resulting memcpy() would copy beyond the end of the source buffer.
Avoid this, and use size_t for val_len to avoid all the casts.
Similarly, avoid source buffer casts and use void *.

Additionally enforces val_len can be represented by u16 and that the DMA
buffer was not overflowed. Fixes the size of mfa, which is not
FC_FDMI_PORT_ATTR_MAXFRAMESIZE_LEN (but it will be padded up to 4). This
was noticed by the future CONFIG_FORTIFY_SOURCE checks.

Cc: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Varun Prakash <varun@chelsio.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 1ee1237623e1709afb51d8e95e8dde6a6e9dfa24
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS