diff options
author | Alan Stern <stern@rowland.harvard.edu> | 2016-06-23 21:05:26 +0200 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2016-06-29 06:51:31 +0200 |
commit | 5e7ff2ca7f2da55fe777167849d0c93403bd0dc8 (patch) | |
tree | 5fb37d646be7e708c503feabed417afb14328b95 /virt/kvm/arm/vgic.c | |
parent | ipr: Clear interrupt on croc/crocodile when running with LSI (diff) | |
download | linux-5e7ff2ca7f2da55fe777167849d0c93403bd0dc8.tar.xz linux-5e7ff2ca7f2da55fe777167849d0c93403bd0dc8.zip |
SCSI: fix new bug in scsi_dev_info_list string matching
Commit b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching")
changed the way vendor- and model-string matching was carried out in the
routine that looks up entries in a SCSI devinfo list. The new matching
code failed to take into account the case of a maximum-length string; in
such cases it could end up testing for a terminating '\0' byte beyond
the end of the memory allocated to the string. This out-of-bounds bug
was detected by UBSAN.
I don't know if anybody has actually encountered this bug. The symptom
would be that a device entry in the blacklist might not be matched
properly if it contained an 8-character vendor name or a 16-character
model name. Such entries certainly exist in scsi_static_device_list.
This patch fixes the problem by adding a check for a maximum-length
string before the '\0' test.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching")
Tested-by: Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de>
CC: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'virt/kvm/arm/vgic.c')
0 files changed, 0 insertions, 0 deletions