summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorManish Rangankar <manish.rangankar@qlogic.com>2012-08-07 15:57:13 +0400
committerJames Bottomley <JBottomley@Parallels.com>2012-09-14 20:59:19 +0400
commitd46bdeb14447f0b7e4420c7b1525c8ad9f64ed1b (patch)
tree9dd508922030f7b37caded1e5d8d6941bb2aad98
parent95ab000388974d8ffef8257306b4be6e8778b768 (diff)
downloadlinux-d46bdeb14447f0b7e4420c7b1525c8ad9f64ed1b.tar.xz
[SCSI] qla4xxx: Fix memory corruption issue in qla4xxx_ep_connect.
In qla4xxx_ep_connect(), qla_ep->dst_addr and dst_addr are type struct sockaddr. We are copying sizeof(struct sockaddr_in6) bytes from dst_addr to qla_ep->dst_addr which is 12 bytes larger. This will cause memory corruption. So we change qla_ep->dst_addr to struct sockaddr_storage which is of 128 byte, large enough to hold sizeof(struct sockaddr_in6). Signed-off-by: Manish Rangankar <manish.rangankar@qlogic.com> Signed-off-by: Vikas Chaudhary <vikas.chaudhary@qlogic.com> Reviewed-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-rw-r--r--drivers/scsi/qla4xxx/ql4_def.h2
-rw-r--r--drivers/scsi/qla4xxx/ql4_mbx.c2
-rw-r--r--drivers/scsi/qla4xxx/ql4_os.c2
3 files changed, 3 insertions, 3 deletions
diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h
index 7fdba7f1ffb7..c298ee9002f7 100644
--- a/drivers/scsi/qla4xxx/ql4_def.h
+++ b/drivers/scsi/qla4xxx/ql4_def.h
@@ -752,7 +752,7 @@ struct ql4_task_data {
struct qla_endpoint {
struct Scsi_Host *host;
- struct sockaddr dst_addr;
+ struct sockaddr_storage dst_addr;
};
struct qla_conn {
diff --git a/drivers/scsi/qla4xxx/ql4_mbx.c b/drivers/scsi/qla4xxx/ql4_mbx.c
index cab8f665a41f..23a10ead3eb5 100644
--- a/drivers/scsi/qla4xxx/ql4_mbx.c
+++ b/drivers/scsi/qla4xxx/ql4_mbx.c
@@ -1695,7 +1695,7 @@ int qla4xxx_set_param_ddbentry(struct scsi_qla_host *ha,
conn = cls_conn->dd_data;
qla_conn = conn->dd_data;
sess = conn->session;
- dst_addr = &qla_conn->qla_ep->dst_addr;
+ dst_addr = (struct sockaddr *)&qla_conn->qla_ep->dst_addr;
if (dst_addr->sa_family == AF_INET6)
options |= IPV6_DEFAULT_DDB_ENTRY;
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
index 9da426628b97..77a969a4b375 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -1366,7 +1366,7 @@ static int qla4xxx_conn_get_param(struct iscsi_cls_conn *cls_conn,
conn = cls_conn->dd_data;
qla_conn = conn->dd_data;
- dst_addr = &qla_conn->qla_ep->dst_addr;
+ dst_addr = (struct sockaddr *)&qla_conn->qla_ep->dst_addr;
switch (param) {
case ISCSI_PARAM_CONN_PORT: