Message ID | 20221123074546.30340-1-arefev@swemel.ru (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | scsi: bfa: Eliminated buffer overflow | expand |
diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c index be8dfbe13e90..78615ffc62ef 100644 --- a/drivers/scsi/bfa/bfad_bsg.c +++ b/drivers/scsi/bfa/bfad_bsg.c @@ -98,9 +98,9 @@ bfad_iocmd_ioc_get_info(struct bfad_s *bfad, void *cmd) /* set adapter hw path */ strcpy(iocmd->adapter_hwpath, bfad->pci_name); - for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32; i++) + for (i = 0; iocmd->adapter_hwpath[i] != ':' && i < BFA_STRING_32-2; i++) ; - for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32; ) + for (; iocmd->adapter_hwpath[++i] != ':' && i < BFA_STRING_32-1; ) ; iocmd->adapter_hwpath[i] = '\0'; iocmd->status = BFA_STATUS_OK;
Buffer 'cmd->adapter_hwpath' of size 32 accessed at bfad_bsg.c:101:103 can overflow, since its index 'i' can have value 32 that is out of range. Signed-off-by: Denis Arefev <arefev@swemel.ru> --- drivers/scsi/bfa/bfad_bsg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)