[SCSI] libiscsi_tcp: fix max_r2t manipulation (1304be5f) · Commits · E-EXK4 - Operating System Group / projects / Linux

Commit 1304be5f authored 13 years ago by Mike Christie Committed by James Bottomley 13 years ago

[SCSI] libiscsi_tcp: fix max_r2t manipulation


Problem description from Xi Wang:
A large max_r2t could lead to integer overflow in subsequent call to
iscsi_tcp_r2tpool_alloc(), allocating a smaller buffer than expected
and leading to out-of-bounds write.

Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>

parent df1c7bab

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 24 additions and 26 deletions

Please register or to comment