summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHighPoint Linux Team <linux@highpoint-tech.com>2007-10-15 14:42:52 +0800
committerJames Bottomley <jejb@mulgrave.localdomain>2007-10-17 21:56:13 -0400
commit0fec02c93f60fb44ba3a24a0d3e4a52521d34d3f (patch)
treef46f69d450964347e0251a81133ab7ac2af784d9
parent7a39ac3f25bef018862a991d754aff681c019127 (diff)
[SCSI] hptiop: avoid buffer overflow when returning sense data
The newer firmware may return more than 96 bytes of sense data when it does autosense. Truncate this to the size of the SCSI layer sense buffer to avoid an overrun. Signed-off-by: HighPoint Linux Team <linux@highpoint-tech.com> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
-rw-r--r--drivers/scsi/hptiop.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
index 8515054cdf7..0844331abb8 100644
--- a/drivers/scsi/hptiop.c
+++ b/drivers/scsi/hptiop.c
@@ -375,8 +375,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 _tag)
scp->result = SAM_STAT_CHECK_CONDITION;
memset(&scp->sense_buffer,
0, sizeof(scp->sense_buffer));
- memcpy(&scp->sense_buffer,
- &req->sg_list, le32_to_cpu(req->dataxfer_length));
+ memcpy(&scp->sense_buffer, &req->sg_list,
+ min(sizeof(scp->sense_buffer),
+ le32_to_cpu(req->dataxfer_length)));
break;
default: