Author: luporl Date: Mon Mar 2 16:11:25 2020 New Revision: 358550 URL: https://svnweb.freebsd.org/changeset/base/358550
Log: [aacraid] Prevent sense data from causing a buffer overflow This issue was observed on a PowerPC64 machine with an Adaptec RAID Controller with PCI device ID 0x028d, where sense data was causing a buffer overflow because of wrong max sense length logic. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D23667 Modified: head/sys/dev/aacraid/aacraid_cam.c Modified: head/sys/dev/aacraid/aacraid_cam.c ============================================================================== --- head/sys/dev/aacraid/aacraid_cam.c Mon Mar 2 15:58:50 2020 (r358549) +++ head/sys/dev/aacraid/aacraid_cam.c Mon Mar 2 16:11:25 2020 (r358550) @@ -1182,7 +1182,7 @@ aac_cam_complete(struct aac_command *cm) scsi_sense_len) ? scsi_sense_len : srbr->sense_len; bcopy(&srbr->sense[0], &ccb->csio.sense_data, - srbr->sense_len); + sense_len); ccb->csio.sense_len = sense_len; ccb->ccb_h.status |= CAM_AUTOSNS_VALID; // scsi_sense_print(&ccb->csio); _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"