The length check added by bf25392f4e98 was off by one, so
that a warning was printed even for correct responses
for PERSISTENT_RESERVE_IN READ_FULL_STATUS service actions.
Non-fatal, but should be fixed nonetheless.

Fixes: bf25392f4e98 "libmpathpersist: fix stack overflow in
   mpath_format_readfullstatus()"
Signed-off-by: Martin Wilck <[email protected]>
---
 libmpathpersist/mpath_pr_ioctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libmpathpersist/mpath_pr_ioctl.c b/libmpathpersist/mpath_pr_ioctl.c
index a222b1e1..c4f4ccda 100644
--- a/libmpathpersist/mpath_pr_ioctl.c
+++ b/libmpathpersist/mpath_pr_ioctl.c
@@ -241,7 +241,7 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, 
int len, int noisy)
                fdesc.rtpi = get_unaligned_be16(&p[18]);
 
                tid_len_len = get_unaligned_be32(&p[20]);
-               if (tid_len_len + 24 + k >= additional_length) {
+               if (tid_len_len + 24 + k > additional_length) {
                        condlog(0,
                                "%s: corrupt PRIN response: status descriptor 
end %d exceeds length %d",
                                __func__, tid_len_len + k + 24,
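Review bot: The changed comparison `tid_len_len + 24 + k > additional_length` still adds a device-supplied 32-bit value (read with get_unaligned_be32(&p[20])) to k before checking it, so the boundary fix is only reliable if that sum cannot wrap. The declarations are not visible in this hunk, but the condlog call formats the sum with %d. If these variables are signed int, a very large tid_len_len could turn the sum negative and pass the check. Consider rearranging the test so the untrusted value stands alone, for example comparing tid_len_len against additional_length - 24 - k after confirming that k + 24 does not exceed additional_length, or making the operands unsigned. A short comment stating that a descriptor ending exactly at additional_length is valid would also document why `>` rather than `>=` is the right operator here.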
-- 
2.19.1
