mirror
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/drivers
History
Stephen M. Cameron db111e18ec [SCSI] hpsa: fix potential overrun while memcpy'ing sense data 
This memcpy:

   memcpy(cmd->sense_buffer, ei->SenseInfo,
	   ei->SenseLen > SCSI_SENSE_BUFFERSIZE ?
		   SCSI_SENSE_BUFFERSIZE :
		   ei->SenseLen);

The ei->SenseLen field is filled in by the Smart Array.  For requests to
logical drives, it will not exceed 32 bytes, so should be ok, but for physical
requests it depends on the target device, not the Smart Array.  It's conceivable
that this could exceed the 32 byte size of ei->SenseInfo.  In that case, the memcpy
would read past the end of ei->SenseInfo, copying data from the next command,
as if it were sense data, or, if it happened to be the very last command in the
block of allocated commands, could fall off the end of the allocated area and
crash.  I'm not aware of anyone ever encountering this behavior, but it could
conceivably happen.  This bug was found by Coverity.

Signed-off-by: Stephen M. Cameron <scameron@beardog.cce.hp.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
 		2011-06-29 12:09:56 -05:00
..
accessibility
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2011-05-29 11:19:16 -07:00
amba ARM: 6829/1: amba: make hardcoded periphid override hardware 2011-05-26 10:33:34 +01:00
ata pata_marvell: Add support for 88SE91A0, 88SE91A4 2011-06-24 02:07:35 -04:00
atm
auxdisplay
base Merge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-06-28 11:15:36 -07:00
bcma drivers/bcma/host_pci.c needs slab.h 2011-05-26 17:12:32 -07:00
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2011-06-04 08:11:26 +09:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into for-davem 2011-06-17 12:40:36 -04:00
cdrom block: fix mismerge of the DISK_EVENT_MEDIA_CHANGE removal 2011-06-02 05:29:19 +09:00
char drivers/char/hpet.c: fix periodic-emulation for delayed interrupts 2011-06-15 20:04:02 -07:00
clk
clocksource Revert "clocksource: sh_cmt: Runtime PM support" 2011-05-31 15:26:42 +09:00
connector Connector: Correctly set the error code in case of success when dispatching receive callbacks 2011-06-07 12:02:00 -07:00
cpufreq [CPUFREQ] powernow-k8: Don't try to transition if the pstate is incorrect 2011-06-16 16:31:13 -04:00
cpuidle Merge branch 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6 2011-05-29 11:18:09 -07:00
crypto
dca
dio
dma dmaengine: shdma: SH_DMAC_MAX_CHANNELS message fix 2011-06-14 15:03:07 +09:00
edac edac,rcu: use synchronize_rcu() instead of call_rcu()+rcu_barrier() 2011-05-26 17:12:37 -07:00
eisa
firewire
firmware Merge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-06-28 11:15:36 -07:00
gpio gpio/omap4: Fix missing interrupts during device wakeup due to IOPAD. 2011-06-16 08:40:43 -06:00
gpu Merge branch 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux-2.6 2011-06-28 11:15:57 -07:00
hid HID: hid-multitouch: add support for a new Lumio dual-touch panel 2011-06-24 13:41:11 +02:00
hwmon hwmon: (s3c) Initialize sysfs attributes 2011-06-17 23:22:27 -07:00
hwspinlock
i2c mfd: Use mfd cell platform_data for timberdale cells platform bits 2011-05-26 19:45:05 +02:00
ide ide-cd: signedness warning fix again 2011-06-11 15:06:48 -07:00
idle
ieee802154
infiniband Merge branches 'cxgb4' and 'qib' into for-next 2011-06-17 11:57:55 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2011-06-20 08:59:46 -07:00
isdn gigaset: call module_put before restart of if_open() 2011-06-17 15:27:32 -04:00
leds drivers/leds/leds-lp5523.c: fix section mismatches 2011-06-27 18:00:13 -07:00
lguest
macintosh
mca
md md: avoid endless recovery loop when waiting for fail device to complete. 2011-06-28 16:59:42 +10:00
media Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2011-06-09 13:09:07 -07:00
memstick
message
mfd mfd: Fix build breakage caused by tps65910 gpio directory move 2011-05-28 08:38:55 +02:00
misc Merge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-06-28 11:15:36 -07:00
mmc mmc: queue: bring discard_granularity/alignment into line with SCSI 2011-06-25 18:53:05 -04:00
mtd Merge git://git.infradead.org/mtd-2.6 2011-05-27 20:06:53 -07:00
net pxa168_eth: fix race in transmit path. 2011-06-20 14:02:07 -07:00
nfc
nubus
of
oprofile oprofile: Fix locking dependency in sync_start() 2011-05-31 16:33:34 +02:00
parisc
parport Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc 2011-06-27 14:55:43 -07:00
pcmcia gpio: include linux/gpio.h where needed 2011-06-16 08:40:44 -06:00
platform Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86 2011-05-29 11:44:33 -07:00
pnp
power Merge git://git.infradead.org/battery-2.6 2011-05-27 10:12:35 -07:00
pps
ps3
ptp ptp: Fix some locking bugs in ptp_read() 2011-06-01 19:29:10 -07:00
rapidio
regulator regulator: Fix _regulator_get_voltage if get_voltage callback is NULL 2011-05-27 10:49:30 +01:00
rtc drivers/rtc/rtc-ds1307.c: add support for RTC device pt7c4338 2011-06-27 18:00:12 -07:00
s390 [S390] qdio: Split SBAL entry flags 2011-06-06 14:14:56 +02:00
sbus
scsi [SCSI] hpsa: fix potential overrun while memcpy'ing sense data 2011-06-29 12:09:56 -05:00
sfi
sh drivers: sh: resume enabled clocks fix 2011-06-14 15:15:25 +09:00
sn
spi spi/bfin_spi: fix handling of default bits per word setting 2011-06-17 08:27:27 -06:00
ssb ssb: fix PCI(e) driver regression causing oops on PCI cards 2011-06-03 14:19:49 -04:00
staging Staging: comedi: fix build breakages on some platforms 2011-06-27 14:43:34 -07:00
target tcm_fc: Fix conversion spec warning 2011-06-24 00:09:16 +00:00
tc
telephony
thermal
tty Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2011-06-28 11:14:55 -07:00
uio
usb Merge branch 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2011-06-28 11:15:17 -07:00
uwb
vhost vhost: support event index 2011-05-30 11:14:15 +09:30
video Merge branch 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-3.x 2011-06-16 09:45:47 -07:00
virtio virtio: add api for delayed callbacks 2011-05-30 11:14:16 +09:30
vlynq
w1 w1: W1_MASTER_DS1WM should depend on GENERIC_HARDIRQS 2011-06-15 20:04:00 -07:00
watchdog mfd: Use mfd cell platform_data for rdc321x cells platform bits 2011-05-26 19:45:06 +02:00
xen Merge branch 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2011-06-20 09:01:33 -07:00
zorro
Kconfig
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2011-05-28 12:35:15 -07:00