]> git.itanic.dy.fi Git - linux-stable/commitdiff
projects / linux-stable / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1613850)
scsi: libfc: Fix array index out of bound exception
authorJaved Hasan <jhasan@marvell.com>
Tue, 15 Jun 2021 16:59:39 +0000 (09:59 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 28 Jul 2021 09:12:15 +0000 (11:12 +0200)
[ Upstream commit b27c4577557045f1ab3cdfeabfc7f3cd24aca1fe ]

Fix array index out of bound exception in fc_rport_prli_resp().

Link: https://lore.kernel.org/r/20210615165939.24327-1-jhasan@marvell.com
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/scsi/libfc/fc_rport.c patch | blob | history

diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c
index 669cf3553a77d0a395b7382a08e9b5f120a15c76..ef2fa6b10a9c344fe200c546eb593cad264061e5 100644 (file)
--- a/drivers/scsi/libfc/fc_rport.c
+++ b/drivers/scsi/libfc/fc_rport.c
@@ -1174,6 +1174,7 @@ static void fc_rport_prli_resp(struct fc_seq *sp, struct fc_frame *fp,
                resp_code = (pp->spp.spp_flags & FC_SPP_RESP_MASK);
                FC_RPORT_DBG(rdata, "PRLI spp_flags = 0x%x spp_type 0x%x\n",
                             pp->spp.spp_flags, pp->spp.spp_type);
+
                rdata->spp_type = pp->spp.spp_type;
                if (resp_code != FC_SPP_RESP_ACK) {
                        if (resp_code == FC_SPP_RESP_CONF)
@@ -1194,11 +1195,13 @@ static void fc_rport_prli_resp(struct fc_seq *sp, struct fc_frame *fp,
                /*
                 * Call prli provider if we should act as a target
                 */
-               prov = fc_passive_prov[rdata->spp_type];
-               if (prov) {
-                       memset(&temp_spp, 0, sizeof(temp_spp));
-                       prov->prli(rdata, pp->prli.prli_spp_len,
-                                  &pp->spp, &temp_spp);
+               if (rdata->spp_type < FC_FC4_PROV_SIZE) {
+                       prov = fc_passive_prov[rdata->spp_type];
+                       if (prov) {
+                               memset(&temp_spp, 0, sizeof(temp_spp));
+                               prov->prli(rdata, pp->prli.prli_spp_len,
+                                          &pp->spp, &temp_spp);
+                       }
                }
                /*
                 * Check if the image pair could be established
Unnamed repository; edit this file 'description' to name the repository.