mirrors/scst
1
0
Fork 0
mirror of https://github.com/SCST-project/scst.git synced 2026-05-18 11:11:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Fixed a buffer overrun: a service entry name occupying 35 bytes was

Browse Source 
written into a buffer with a size of 32 bytes. Enlarged the buffer
  to 36 bytes.
- Converted sprintf() calls to snprintf() calls.
- Added more TRACE_ENTRY() / TRACE_EXIT() statements.


git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@992 d57e44dd-8a1f-0410-8b47-8ef2f437770f
This commit is contained in:
Bart Van Assche
2009-07-30 12:48:06 +00:00
parent 57f4019ed5
commit 745a852fbe
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
srpt/src/ib_srpt.c
View File

@@ -335,8 +335,11 @@ static void srpt_get_svc_entries(u16 slot, u8 hi, u8 lo, struct ib_dm_mad *mad)
svc_entries = (struct ib_dm_svc_entries *)mad->data;
memset(svc_entries, 0, sizeof *svc_entries);
svc_entries->service_entries[0].id = cpu_to_be64(mellanox_ioc_guid);
sprintf(svc_entries->service_entries[0].name, "%s%016llx",
SRP_SERVICE_NAME_PREFIX, (unsigned long long)mellanox_ioc_guid);
snprintf(svc_entries->service_entries[0].name,
sizeof(svc_entries->service_entries[0].name),
"%s%016llx",
SRP_SERVICE_NAME_PREFIX,
(unsigned long long)mellanox_ioc_guid);
mad->mad_hdr.status = 0;
}
@@ -1346,6 +1349,8 @@ static struct srpt_rdma_ch *srpt_find_channel(struct ib_cm_id *cm_id)
static int srpt_release_channel(struct srpt_rdma_ch *ch, int destroy_cmid)
{
TRACE_ENTRY();
spin_lock_irq(&ch->sport->sdev->spinlock);
list_del(&ch->list);
spin_unlock_irq(&ch->sport->sdev->spinlock);
@@ -1380,6 +1385,8 @@ static int srpt_release_channel(struct srpt_rdma_ch *ch, int destroy_cmid)
kfree(ch);
TRACE_EXIT_RES(!destroy_cmid);
return destroy_cmid ? 0 : 1;
}
@@ -1529,9 +1536,12 @@ static int srpt_cm_req_recv(struct ib_cm_id *cm_id,
goto destroy_ib;
}
sprintf(ch->sess_name, "0x%016llx%016llx",
(unsigned long long)be64_to_cpu(*(u64 *)ch->i_port_id),
(unsigned long long)be64_to_cpu(*(u64 *)(ch->i_port_id + 8)));
snprintf(ch->sess_name, sizeof(ch->sess_name),
"0x%016llx%016llx",
(unsigned long long)be64_to_cpu(*(u64 *)ch->i_port_id),
(unsigned long long)be64_to_cpu(*(u64 *)(ch->i_port_id + 8)));
TRACE_DBG("registering session %s", ch->sess_name);
BUG_ON(!sdev->scst_tgt);
ch->scst_sess = scst_register_session(sdev->scst_tgt, 0, ch->sess_name,

2
srpt/src/ib_srpt.h
View File

@@ -155,7 +155,7 @@ struct srpt_rdma_ch {
u32 active_scmnd_cnt;
struct scst_session *scst_sess;
u8 sess_name[32];
u8 sess_name[36];
};
struct srpt_port {