svn commit: r358550 - head/sys/dev/aacraid
Leandro Lupori
luporl at FreeBSD.org
Mon Mar 2 16:11:27 UTC 2020
Author: luporl
Date: Mon Mar 2 16:11:25 2020
New Revision: 358550
URL: https://svnweb.freebsd.org/changeset/base/358550
Log:
[aacraid] Prevent sense data from causing a buffer overflow
This issue was observed on a PowerPC64 machine with an Adaptec RAID
Controller with PCI device ID 0x028d, where sense data was causing a
buffer overflow because of wrong max sense length logic.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D23667
Modified:
head/sys/dev/aacraid/aacraid_cam.c
Modified: head/sys/dev/aacraid/aacraid_cam.c
==============================================================================
--- head/sys/dev/aacraid/aacraid_cam.c Mon Mar 2 15:58:50 2020 (r358549)
+++ head/sys/dev/aacraid/aacraid_cam.c Mon Mar 2 16:11:25 2020 (r358550)
@@ -1182,7 +1182,7 @@ aac_cam_complete(struct aac_command *cm)
scsi_sense_len) ? scsi_sense_len :
srbr->sense_len;
bcopy(&srbr->sense[0], &ccb->csio.sense_data,
- srbr->sense_len);
+ sense_len);
ccb->csio.sense_len = sense_len;
ccb->ccb_h.status |= CAM_AUTOSNS_VALID;
// scsi_sense_print(&ccb->csio);
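Review bot: The bcopy length `sense_len` is now clamped, but only against `scsi_sense_len`, whose value is set outside this hunk, so the copy is safe only if that variable never exceeds the destination. Consider bounding the copy by the destination itself, for example by also clamping to `sizeof(ccb->csio.sense_data)`, so the check does not depend on a value defined elsewhere. Since `srbr->sense_len` is reported by the controller, it is also worth confirming it cannot exceed the size of the `srbr->sense` array that is being read from. As a minor style point, the ternary that computes `sense_len` would read more clearly as a MIN() of the two lengths, and the commented-out `// scsi_sense_print(&ccb->csio);` line could be dropped while this code is being touched.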