[PATCH 2/2] cpqfc: fix for possible memory out of bounds bugzilla#243

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Patch 2 of 2

This patch fixes the Bugzilla Bug#243. This fix is to solve the possible
memory
out of bounds in BigEndianSwap routine of cpqfcTSworker.c

Please consider this for inclusion

Signed-off-by: Ramanamurthy Saripalli <[email protected]>

 cpqfcTScontrol.c |    2 --
 cpqfcTSworker.c  |    3 +++
 2 files changed, 3 insertions(+), 2 deletions(-)
------------------------------------------------------------------------
-------
diff -burpN old/drivers/scsi/cpqfcTScontrol.c
new/drivers/scsi/cpqfcTScontrol.c
--- old/drivers/scsi/cpqfcTScontrol.c	2005-07-12 22:52:29.000000000
+0530
+++ new/drivers/scsi/cpqfcTScontrol.c	2005-07-19 00:33:29.385458328
+0530
@@ -606,7 +606,6 @@ static int PeekIMQEntry( PTACHYON fcChip
         if( (fcChip->IMQ->QEntry[CI].type & 0x1FF) == 0x104 )
         { 
           TachFCHDR_GCMND* fchs;
-#error This is too much stack
           ULONG ulFibreFrame[2048/4];  // max DWORDS in incoming FC
Frame
 	  USHORT SFQpi = (USHORT)(fcChip->IMQ->QEntry[CI].word[0] &
0x0fffL);
 
@@ -718,7 +717,6 @@ int CpqTsProcessIMQEntry(void *host)
   ULONG x_ID;
   ULONG ulBuff, dwStatus;
   TachFCHDR_GCMND* fchs;
-#error This is too much stack
   ULONG ulFibreFrame[2048/4];  // max number of DWORDS in incoming
Fibre Frame
   UCHAR ucInboundMessageType;  // Inbound CM, dword 3 "type" field
 
diff -burpN old/drivers/scsi/cpqfcTSworker.c
new/drivers/scsi/cpqfcTSworker.c
--- old/drivers/scsi/cpqfcTSworker.c	2005-07-12 22:52:29.000000000
+0530
+++ new/drivers/scsi/cpqfcTSworker.c	2005-07-19 00:33:32.245023608
+0530
@@ -4024,6 +4024,9 @@ void BigEndianSwap( UCHAR *source, UCHAR
   int i,j;
 
   source+=3;   // start at MSB of 1st ULONG
+
+  cnt -= (cnt % 4 );
+
   for( j=0; j < cnt; j+=4, source+=4, dest+=4)  // every ULONG
   {
     for( i=0; i<4; i++)  // every UCHAR in ULONG
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux