[Stgt-devel] Patches for MMC and fix for serious crash bug in spc_mode_sense()
ronnie sahlberg
ronniesahlberg
Fri May 2 06:06:04 CEST 2008
Please find attached a few smallish patches,
0001: Fix a "length too small by one" bug in mode sense 10.
0002: we don't need to specify these mode pages in the mmc example
since they are set by default when the lun is initialized.
0003: add the modepage for MM capabilities (this mode page was what
discovered the bug below).
0004: this fixes a serious crash bug in spc_mode_sense. The bug is
triggered when an initiator is specifying a small alloc_len but the
modepage is big.
This causes the memcpy() in build_mode_page() to overwrite other vital
memory and tgtd crashes.
I tried to address it for modesense10 only. The same bug still
exists for the modesense6 path.
Could someone more comfortable with this than I am please look at the
issue and do a better/more correct patch for this?
This is a pretty important bug to fix.
regards
ronnie sahlberg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mmc.diff.gz
Type: application/x-gzip
Size: 2688 bytes
Desc: not available
Url : https://lists.berlios.de/pipermail/stgt-devel/attachments/20080502/3f0fc741/attachment.gz
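The failure mode described in the message above (a mode page larger than the initiator's alloc_len), shown as an added C example; it is not tgt's code and not the attached patch. The struct, function names and the sample page body are hypothetical and constructed for illustration. The builder tracks the full response length for the header but copies only the bytes that fit within alloc_len.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical page descriptor for this example; not tgt's own structure. */
struct mode_page {
    uint8_t code;        /* page code (low 6 bits) */
    uint8_t len;         /* parameter bytes following the 2-byte page header */
    const uint8_t *data; /* len bytes of page parameters */
};

#define MS10_HDR_LEN 8   /* MODE SENSE(10) parameter header size */
/* Constructed sample: a 20-byte body standing in for a large mode page. */
static const uint8_t sample_body[20] = { 0x3f, 0x37 };
static const struct mode_page sample_page = { 0x2a, 20, sample_body };

/* Copy n bytes to logical offset *off, writing only the part below alloc_len. */
static void put_bounded(uint8_t *out, size_t alloc_len, size_t *off,
                        const uint8_t *src, size_t n)
{
    if (*off < alloc_len) {
        size_t room = alloc_len - *off;
        memcpy(out + *off, src, n < room ? n : room);
    }
    *off += n; /* keep counting so the full length is still known */
}

/* Build a MODE SENSE(10) response without block descriptors. Returns the bytes
 * written (never more than alloc_len); *full_len gets the untruncated size. */
size_t build_mode_sense10(uint8_t *out, size_t alloc_len,
                          const struct mode_page *pages, size_t npages,
                          size_t *full_len)
{
    uint8_t hdr[MS10_HDR_LEN] = {0};
    size_t total = MS10_HDR_LEN, off = 0, i;
    for (i = 0; i < npages; i++)
        total += 2 + (size_t)pages[i].len;
    /* MODE DATA LENGTH excludes its own two bytes. */
    hdr[0] = (uint8_t)((total - 2) >> 8);
    hdr[1] = (uint8_t)((total - 2) & 0xff);
    put_bounded(out, alloc_len, &off, hdr, sizeof(hdr));
    for (i = 0; i < npages; i++) {
        uint8_t ph[2] = { (uint8_t)(pages[i].code & 0x3f), pages[i].len };
        put_bounded(out, alloc_len, &off, ph, sizeof(ph));
        put_bounded(out, alloc_len, &off, pages[i].data, pages[i].len);
    }
    *full_len = total;
    return total < alloc_len ? total : alloc_len;
}
```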