diff mbox

scsi: lpfc: fix potential buffer overflow.

Message ID 1492509351-25441-1-git-send-email-mlombard@redhat.com (mailing list archive)
State Accepted, archived
Headers show

Commit Message

Maurizio Lombardi April 18, 2017, 9:55 a.m. UTC 
This patch fixes a potential buffer overflow in lpfc_nvme_info_show().

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---
 drivers/scsi/lpfc/lpfc_attr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Ewan Milne April 18, 2017, 3:07 p.m. UTC | #1 
On Tue, 2017-04-18 at 11:55 +0200, Maurizio Lombardi wrote:
> This patch fixes a potential buffer overflow in lpfc_nvme_info_show().
> 
> Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
> ---
>  drivers/scsi/lpfc/lpfc_attr.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/scsi/lpfc/lpfc_attr.c b/drivers/scsi/lpfc/lpfc_attr.c
> index 22819af..1ce252f 100644
> --- a/drivers/scsi/lpfc/lpfc_attr.c
> +++ b/drivers/scsi/lpfc/lpfc_attr.c
> @@ -181,7 +181,7 @@
>  				wwn_to_u64(vport->fc_nodename.u.wwn),
>  				phba->targetport->port_id);
>  
> -		len += snprintf(buf + len, PAGE_SIZE,
> +		len += snprintf(buf + len, PAGE_SIZE - len,
>  				"\nNVME Target: Statistics\n");
>  		tgtp = (struct lpfc_nvmet_tgtport *)phba->targetport->private;
>  		len += snprintf(buf+len, PAGE_SIZE-len,
> @@ -326,7 +326,7 @@
>  	}
>  	spin_unlock_irq(shost->host_lock);
>  
> -	len += snprintf(buf + len, PAGE_SIZE, "\nNVME Statistics\n");
> +	len += snprintf(buf + len, PAGE_SIZE - len, "\nNVME Statistics\n");
>  	len += snprintf(buf+len, PAGE_SIZE-len,
>  			"LS: Xmt %016llx Cmpl %016llx\n",
>  			phba->fc4NvmeLsRequests,

Reviewed-by: Ewan D. Milne <emilne@redhat.com>
James Smart April 18, 2017, 9:15 p.m. UTC | #2 
On 4/18/2017 2:55 AM, Maurizio Lombardi wrote:
> This patch fixes a potential buffer overflow in lpfc_nvme_info_show().
>
> Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
> ---
>

looks fine

-- james

Signed-off-by: James Smart <james.smart@broadcom.com>
Martin K. Petersen April 19, 2017, 2:01 a.m. UTC | #3 
Maurizio Lombardi <mlombard@redhat.com> writes:

> This patch fixes a potential buffer overflow in lpfc_nvme_info_show().

Applied to 4.12/scsi-queue.
diff mbox

Patch

diff --git a/drivers/scsi/lpfc/lpfc_attr.c b/drivers/scsi/lpfc/lpfc_attr.c
index 22819af..1ce252f 100644
--- a/drivers/scsi/lpfc/lpfc_attr.c
+++ b/drivers/scsi/lpfc/lpfc_attr.c
@@ -181,7 +181,7 @@ 
 				wwn_to_u64(vport->fc_nodename.u.wwn),
 				phba->targetport->port_id);
 
-		len += snprintf(buf + len, PAGE_SIZE,
+		len += snprintf(buf + len, PAGE_SIZE - len,
 				"\nNVME Target: Statistics\n");
 		tgtp = (struct lpfc_nvmet_tgtport *)phba->targetport->private;
 		len += snprintf(buf+len, PAGE_SIZE-len,
@@ -326,7 +326,7 @@ 
 	}
 	spin_unlock_irq(shost->host_lock);
 
-	len += snprintf(buf + len, PAGE_SIZE, "\nNVME Statistics\n");
+	len += snprintf(buf + len, PAGE_SIZE - len, "\nNVME Statistics\n");
 	len += snprintf(buf+len, PAGE_SIZE-len,
 			"LS: Xmt %016llx Cmpl %016llx\n",
 			phba->fc4NvmeLsRequests,