Author: mav
Date: Tue Mar  7 05:57:18 2017
New Revision: 314836
URL: https://svnweb.freebsd.org/changeset/base/314836

Log:
  MFC r314374: Add safety check against too long CDB.
  
  SBP-2 specification defined maximum CDB length as 12 bytes.  Newer SBP-3
  specification allows CDB of any size, but this driver is too old.  Proper
  solution would be to look on maximal ORB size supported by the target.

Modified:
  stable/10/sys/dev/firewire/sbp.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/firewire/sbp.c
==============================================================================
--- stable/10/sys/dev/firewire/sbp.c    Tue Mar  7 05:56:48 2017        
(r314835)
+++ stable/10/sys/dev/firewire/sbp.c    Tue Mar  7 05:57:18 2017        
(r314836)
@@ -2403,6 +2403,11 @@ END_DEBUG
                        xpt_done(ccb);
                        return;
                }
+               if (csio->cdb_len > sizeof(ocb->orb) - 5 * sizeof(uint32_t)) {
+                       ccb->ccb_h.status = CAM_REQ_INVALID;
+                       xpt_done(ccb);
+                       return;
+               }
 #if 0
                /* if we are in probe stage, pass only probe commands */
                if (sdev->status == SBP_DEV_PROBE) {
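Review bot: The bound in the added check, `sizeof(ocb->orb) - 5 * sizeof(uint32_t)`, relies on a bare 5 with no comment. A reader of this hunk cannot tell why five words are subtracted or how the result relates to the 12-byte SBP-2 CDB limit cited in the log message. Consider giving the CDB's word offset in the ORB a named constant, or adding a one-line comment above the `if` that states the resulting byte limit. The log's remark that the proper solution is to look at the maximal ORB size supported by the target would also be worth carrying into the code as a comment here, so the limitation is visible where the request is rejected. Since an over-long CDB now completes with `CAM_REQ_INVALID` and nothing else, a short note on why the request is invalid would help anyone tracing a rejected command back to this check.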