diff options
author | Manish Rangankar <manish.rangankar@qlogic.com> | 2012-08-07 07:57:13 -0400 |
---|---|---|
committer | James Bottomley <JBottomley@Parallels.com> | 2012-09-14 12:59:19 -0400 |
commit | d46bdeb14447f0b7e4420c7b1525c8ad9f64ed1b (patch) | |
tree | 9dd508922030f7b37caded1e5d8d6941bb2aad98 /drivers/scsi/qla4xxx/ql4_mbx.c | |
parent | 95ab000388974d8ffef8257306b4be6e8778b768 (diff) |
[SCSI] qla4xxx: Fix memory corruption issue in qla4xxx_ep_connect.
In qla4xxx_ep_connect(), qla_ep->dst_addr and dst_addr are type
struct sockaddr. We are copying sizeof(struct sockaddr_in6) bytes
from dst_addr to qla_ep->dst_addr which is 12 bytes larger. This
will cause memory corruption. So we change qla_ep->dst_addr to
struct sockaddr_storage which is of 128 byte, large enough to
hold sizeof(struct sockaddr_in6).
Signed-off-by: Manish Rangankar <manish.rangankar@qlogic.com>
Signed-off-by: Vikas Chaudhary <vikas.chaudhary@qlogic.com>
Reviewed-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Diffstat (limited to 'drivers/scsi/qla4xxx/ql4_mbx.c')
-rw-r--r-- | drivers/scsi/qla4xxx/ql4_mbx.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/qla4xxx/ql4_mbx.c b/drivers/scsi/qla4xxx/ql4_mbx.c index cab8f665a41f..23a10ead3eb5 100644 --- a/drivers/scsi/qla4xxx/ql4_mbx.c +++ b/drivers/scsi/qla4xxx/ql4_mbx.c | |||
@@ -1695,7 +1695,7 @@ int qla4xxx_set_param_ddbentry(struct scsi_qla_host *ha, | |||
1695 | conn = cls_conn->dd_data; | 1695 | conn = cls_conn->dd_data; |
1696 | qla_conn = conn->dd_data; | 1696 | qla_conn = conn->dd_data; |
1697 | sess = conn->session; | 1697 | sess = conn->session; |
1698 | dst_addr = &qla_conn->qla_ep->dst_addr; | 1698 | dst_addr = (struct sockaddr *)&qla_conn->qla_ep->dst_addr; |
1699 | 1699 | ||
1700 | if (dst_addr->sa_family == AF_INET6) | 1700 | if (dst_addr->sa_family == AF_INET6) |
1701 | options |= IPV6_DEFAULT_DDB_ENTRY; | 1701 | options |= IPV6_DEFAULT_DDB_ENTRY; |