aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKiran Patil <kiran.patil@intel.com>2010-10-08 20:12:41 -0400
committerJames Bottomley <James.Bottomley@suse.de>2010-10-25 16:11:38 -0400
commit2dc02ee52f32aac6d8dd1172f104dc30ae1051bb (patch)
tree8b2e4bfa396355bde204d71b011d87049ee5f025
parentc531b9b49b146e1535dbed006d15e58f4f528f7e (diff)
[SCSI] libfcoe: VN2VN connection setup causing stack memory corruption.
Fix: When FIP frame is received, function fcoe_ctlr_vn_recv calls function fcoe_ctlr_vn_parse which does memset for addr (&buf.rdata) which leads to memory corruption. Code was trying to treat "buf" as struct but it was defined as union. Fix is to change from union to struct for "buf" in function fcoe_ctlr_vn_recv. Technical Details: N/A Signed-off-by: Kiran Patil <kiran.patil@intel.com> Acked-by: Joe Eykholt <jeykholt@cisco.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
-rw-r--r--drivers/scsi/fcoe/libfcoe.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/fcoe/libfcoe.c b/drivers/scsi/fcoe/libfcoe.c
index aa503d83092..bc17c712320 100644
--- a/drivers/scsi/fcoe/libfcoe.c
+++ b/drivers/scsi/fcoe/libfcoe.c
@@ -2296,7 +2296,7 @@ static int fcoe_ctlr_vn_recv(struct fcoe_ctlr *fip, struct sk_buff *skb)
2296{ 2296{
2297 struct fip_header *fiph; 2297 struct fip_header *fiph;
2298 enum fip_vn2vn_subcode sub; 2298 enum fip_vn2vn_subcode sub;
2299 union { 2299 struct {
2300 struct fc_rport_priv rdata; 2300 struct fc_rport_priv rdata;
2301 struct fcoe_rport frport; 2301 struct fcoe_rport frport;
2302 } buf; 2302 } buf;