svn commit: r314835 - stable/11/sys/dev/firewire
Alexander Motin
mav at FreeBSD.org
Tue Mar 7 05:56:49 UTC 2017
Author: mav
Date: Tue Mar 7 05:56:48 2017
New Revision: 314835
URL: https://svnweb.freebsd.org/changeset/base/314835
Log:
MFC r314374: Add safety check against too long CDB.
SBP-2 specification defined maximum CDB length as 12 bytes. Newer SBP-3
specification allows CDB of any size, but this driver is too old. Proper
solution would be to look on maximal ORB size supported by the target.
Modified:
stable/11/sys/dev/firewire/sbp.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/dev/firewire/sbp.c
==============================================================================
--- stable/11/sys/dev/firewire/sbp.c Tue Mar 7 05:35:14 2017 (r314834)
+++ stable/11/sys/dev/firewire/sbp.c Tue Mar 7 05:56:48 2017 (r314835)
@@ -2367,6 +2367,11 @@ END_DEBUG
xpt_done(ccb);
return;
}
+ if (csio->cdb_len > sizeof(ocb->orb) - 5 * sizeof(uint32_t)) {
+ ccb->ccb_h.status = CAM_REQ_INVALID;
+ xpt_done(ccb);
+ return;
+ }
#if 0
/* if we are in probe stage, pass only probe commands */
if (sdev->status == SBP_DEV_PROBE) {
More information about the svn-src-all
mailing list