mirrors/scst
1
0
Fork 0
mirror of https://github.com/SCST-project/scst.git synced 2026-05-14 09:11:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

scst_event: Fix check of recopied payload_len

Browse Source 
We check the recopied payload_len with the length of
struct scst_event + payload.

  if (event->payload_len != event_len)

This check will never succeed.

So check the recopied payload length with the passed
payload_len from user space.

Fixes: ffd85476 ("scst: Suppress a false positive Coverity memory corruption complaint")
This commit is contained in:
Gleb Chesnokov
2022-02-14 14:03:27 +03:00
parent 6d892aa061
commit 7e484c59b3
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scst/src/scst_event.c
View File

@@ -637,8 +637,9 @@ static int scst_event_get_event_from_user(struct scst_event_user __user *arg,
}
/* payload_len has been recopied, so recheck it. */
if (event->payload_len != event_len) {
PRINT_ERROR("Payload len changed while being read");
if (event->payload_len != payload_len) {
PRINT_ERROR("Payload len %d changed while being read: %d",
event->payload_len, payload_len);
res = -EINVAL;
goto out_free;
}