scsi: qla4xxx: Add length check when parsing nlattrs - linux

diff options

author	Lin Ma <linma@zju.edu.cn>	2023-07-23 10:00:53 +0200
committer	Martin K. Petersen <martin.petersen@oracle.com>	2023-07-26 03:51:04 +0200
commit	47cd3770e31df942e2bb925a9a855c79ed0662eb (patch)
tree	13d567513c9608f5eb9687316bbdbbd2aedc51a3 /include/scsi
parent	scsi: be2iscsi: Add length check when parsing nlattrs (diff)
download	linux-47cd3770e31df942e2bb925a9a855c79ed0662eb.tar.xz linux-47cd3770e31df942e2bb925a9a855c79ed0662eb.zip

scsi: qla4xxx: Add length check when parsing nlattrs

There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails. Fixes: 26ffd7b45fe9 ("[SCSI] qla4xxx: Add support to set CHAP entries") Fixes: 1e9e2be3ee03 ("[SCSI] qla4xxx: Add flash node mgmt support") Fixes: 00c31889f751 ("[SCSI] qla4xxx: fix data alignment and use nl helpers") Signed-off-by: Lin Ma <linma@zju.edu.cn> Link: https://lore.kernel.org/r/20230723080053.3714534-1-linma@zju.edu.cn Reviewed-by: Chris Leech <cleech@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Diffstat (limited to 'include/scsi')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: