Use flex array destination for memcpy() in drivers/infiniband/ulp/srpt/ib_srpt.c

KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Other

81 stars 5 forks source link

Use flex array destination for memcpy() in drivers/infiniband/ulp/srpt/ib_srpt.c #201

Closed GustavoARSilva closed 1 year ago

GustavoARSilva commented 2 years ago

srp_rsp is a pointer to a flexible structure (a structure that contains a trailing flexible-array member). Use the flexible-array member as destination in memcpy(), explicitly.

include/scsi/srp.h:
256 struct srp_rsp {
257         u8      opcode;
258         u8      sol_not;
...
267         __be32  sense_data_len;
268         __be32  resp_data_len;
269         u8      data[];
270 };

drivers/infiniband/ulp/srpt/ib_srpt.c:
1424                 memcpy(srp_rsp + 1, sense_data, sense_data_len);

Reported-by: https://github.com/HBh25Y

HBh25Y commented 2 years ago

Hi, I send a patch for this: https://lore.kernel.org/all/20220909022943.8896-1-hbh25y@gmail.com/T/#u

GustavoARSilva commented 2 years ago

Awesome. Thanks!