mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-27 09:12:44 +00:00
cam: fix integer overflow during inquiry
From my understanding this could happen with iSCSI LUNs with unusually long names. The bug would make CAM fail to retrieve the full inquiry data. Instead of bumping the size of the local variable, just use a macro. Reviewed By: imp, mav Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. X-NetApp-PR: #50 Differential Revision: https://reviews.freebsd.org/D29991
This commit is contained in:
parent
8f1562430f
commit
7818653fd6
@ -1210,8 +1210,6 @@ out:
|
||||
|
||||
if (periph_qual == SID_QUAL_LU_CONNECTED ||
|
||||
periph_qual == SID_QUAL_LU_OFFLINE) {
|
||||
u_int8_t len;
|
||||
|
||||
/*
|
||||
* We conservatively request only
|
||||
* SHORT_INQUIRY_LEN bytes of inquiry
|
||||
@ -1222,11 +1220,9 @@ out:
|
||||
* the amount of information the device
|
||||
* is willing to give.
|
||||
*/
|
||||
len = inq_buf->additional_length
|
||||
+ offsetof(struct scsi_inquiry_data,
|
||||
additional_length) + 1;
|
||||
if (softc->action == PROBE_INQUIRY
|
||||
&& len > SHORT_INQUIRY_LENGTH) {
|
||||
&& SID_ADDITIONAL_LENGTH(inq_buf)
|
||||
> SHORT_INQUIRY_LENGTH) {
|
||||
PROBE_SET_ACTION(softc, PROBE_FULL_INQUIRY);
|
||||
xpt_release_ccb(done_ccb);
|
||||
xpt_schedule(periph, priority);
|
||||
|
Loading…
Reference in New Issue
Block a user