[stgt] [PATCH] smc: fix memory overwite bug in smc_read_element_status
FUJITA Tomonori
fujita.tomonori at lab.ntt.co.jp
Tue Dec 1 18:22:12 CET 2009
Signed-off-by: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
---
usr/smc.c | 14 +++++++++++++-
1 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/usr/smc.c b/usr/smc.c
index 6430882..c0f25d6 100644
--- a/usr/smc.c
+++ b/usr/smc.c
@@ -259,6 +259,17 @@ static int smc_initialize_element_status(int host_no, struct scsi_cmd *cmd)
return SAM_STAT_GOOD;
}
+static int nr_slots(struct smc_info *smc)
+{
+ int count = 0;
+ struct slot *s;
+
+ list_for_each_entry(s, &smc->slots, slot_siblings)
+ count++;
+
+ return count;
+}
+
/**
* smc_read_element_status - READ ELEMENT STATUS op code
*
@@ -304,7 +315,8 @@ static int smc_read_element_status(int host_no, struct scsi_cmd *cmd)
}
}
- data = zalloc(alloc_len);
+ /* we allocate possible maximum data length */
+ data = zalloc(8 + elementSize * nr_slots(smc));
if (!data) {
dprintf("Can't allocate enough memory for cmd\n");
key = HARDWARE_ERROR;
--
1.5.6.5
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the stgt
mailing list