scsi: Protect against buffer possible overflow in scsi_set_sense_information Make sure that the input sense buffer has sufficient length to fit the information descriptor (12 additional bytes). Modify scsi_set_sense_information to receive the sense buffer length and adjust its callers scsi target and libata. (Fix patch fuzz in scsi_set_sense_information - nab) Reported-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Cc: Tejun Heo <tj@kernel.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

commit: f5a8b3a796db01b639435515b3adc003b9f27387 [log] [tgz]
author: Sagi Grimberg <sagig@mellanox.com> Wed Jul 15 10:55:37 2015 +0300
committer: Nicholas Bellinger <nab@linux-iscsi.org> Thu Jul 23 22:53:05 2015 -0700
tree: 3ff4e026ec2af94cbef2cef9d365a5faf141059c
parent: 12306b425d0dbab7b60f54e02d67cf3dfae494d1 [diff] [blame]
diff --git a/include/scsi/scsi_common.h b/include/scsi/scsi_common.h
index 156d673..11571b2 100644
--- a/include/scsi/scsi_common.h
+++ b/include/scsi/scsi_common.h

@@ -62,7 +62,7 @@
 				 struct scsi_sense_hdr *sshdr);
 
 extern void scsi_build_sense_buffer(int desc, u8 *buf, u8 key, u8 asc, u8 ascq);
-extern void scsi_set_sense_information(u8 *buf, u64 info);
+int scsi_set_sense_information(u8 *buf, int buf_len, u64 info);
 extern const u8 * scsi_sense_desc_find(const u8 * sense_buffer, int sb_len,
 				       int desc_type);
commit	f5a8b3a796db01b639435515b3adc003b9f27387	[log] [tgz]
author	Sagi Grimberg <sagig@mellanox.com>	Wed Jul 15 10:55:37 2015 +0300
committer	Nicholas Bellinger <nab@linux-iscsi.org>	Thu Jul 23 22:53:05 2015 -0700
tree	3ff4e026ec2af94cbef2cef9d365a5faf141059c
parent	12306b425d0dbab7b60f54e02d67cf3dfae494d1 [diff] [blame]