Author: mav
Date: Tue Feb 28 05:17:50 2017
New Revision: 314374
URL: https://svnweb.freebsd.org/changeset/base/314374

Log:
  Add safety check against too long CDB.
  
  SBP-2 specification defined maximum CDB length as 12 bytes.  Newer SBP-3
  specification allows CDB of any size, but this driver is too old.  Proper
  solution would be to look at maximal ORB size supported by the target.
  
  MFC after:    1 week

Modified:
  head/sys/dev/firewire/sbp.c

Modified: head/sys/dev/firewire/sbp.c
==============================================================================
--- head/sys/dev/firewire/sbp.c Tue Feb 28 05:14:42 2017        (r314373)
+++ head/sys/dev/firewire/sbp.c Tue Feb 28 05:17:50 2017        (r314374)
@@ -2367,6 +2367,11 @@ END_DEBUG
                        xpt_done(ccb);
                        return;
                }
+               if (csio->cdb_len > sizeof(ocb->orb) - 5 * sizeof(uint32_t)) {
+                       ccb->ccb_h.status = CAM_REQ_INVALID;
+                       xpt_done(ccb);
+                       return;
+               }
 #if 0
                /* if we are in probe stage, pass only probe commands */
                if (sdev->status == SBP_DEV_PROBE) {
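Review bot: the bound in the new `if` is built from a bare `5 * sizeof(uint32_t)` with no comment, so a reader cannot tell from this hunk why five 32-bit words are subtracted from `sizeof(ocb->orb)`, or whether the result equals the 12-byte SBP-2 CDB limit that the log message cites. A named constant, or a one-line comment above the check stating the ORB layout it assumes, would document the intent and keep the limit from silently changing if `ocb->orb` is ever resized. The rejection path also completes the CCB with `CAM_REQ_INVALID` without any diagnostic; a debug message that reports `csio->cdb_len` would make an oversized CDB arriving from an upper layer much easier to trace.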
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"