diff options
| author | Andrew Vasquez | 2019-04-02 23:24:25 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman | 2019-05-10 17:54:11 +0200 |
| commit | ef7014d76361783d9de9194694f377f38112fbb3 (patch) | |
| tree | ecb16701f7980d2d9f23e44ed26ac27e6f7c8b51 /drivers/scsi | |
| parent | scsi: lpfc: change snprintf to scnprintf for possible overflow (diff) | |
| download | kernel-qcow2-linux-ef7014d76361783d9de9194694f377f38112fbb3.tar.gz kernel-qcow2-linux-ef7014d76361783d9de9194694f377f38112fbb3.tar.xz kernel-qcow2-linux-ef7014d76361783d9de9194694f377f38112fbb3.zip | |
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
commit 5cbdae10bf11f96e30b4d14de7b08c8b490e903c upstream.
Commit e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs
code") incorrectly set 'optrom_region_size' to 'start+size', which can
overflow option-rom boundaries when 'start' is non-zero. Continue setting
optrom_region_size to the proper adjusted value of 'size'.
Fixes: e6f77540c067 ("scsi: qla2xxx: Fix an integer overflow in sysfs code")
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Vasquez <andrewv@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/scsi')
| -rw-r--r-- | drivers/scsi/qla2xxx/qla_attr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c index 4888b999e82f..f8f4d3ea67f3 100644 --- a/drivers/scsi/qla2xxx/qla_attr.c +++ b/drivers/scsi/qla2xxx/qla_attr.c @@ -345,7 +345,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SREADING; ha->optrom_buffer = vmalloc(ha->optrom_region_size); @@ -418,7 +418,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj, } ha->optrom_region_start = start; - ha->optrom_region_size = start + size; + ha->optrom_region_size = size; ha->optrom_state = QLA_SWRITING; ha->optrom_buffer = vmalloc(ha->optrom_region_size); |