From: Yi Zou Date: Fri, 1 Apr 2011 23:06:25 +0000 (-0700) Subject: [SCSI] libfcoe: fix possible buffer overflow in fcoe_transport_show X-Git-Tag: firefly_0821_release~7613^2~1373^2~77 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a01a5a5789287113cd6bb25c79cf2a826874c918;p=firefly-linux-kernel-4.4.55.git [SCSI] libfcoe: fix possible buffer overflow in fcoe_transport_show possible buffer overflow in fcoe_transport_show when reaching the end of buffer and crossing PAGE_SIZE boundary. Signed-off-by: Yi Zou Signed-off-by: Tomas Henzl Tested-by: Ross Brattain Signed-off-by: Robert Love Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/fcoe/fcoe_transport.c b/drivers/scsi/fcoe/fcoe_transport.c index ec0f395263c5..538f29923ab4 100644 --- a/drivers/scsi/fcoe/fcoe_transport.c +++ b/drivers/scsi/fcoe/fcoe_transport.c @@ -385,9 +385,9 @@ static int fcoe_transport_show(char *buffer, const struct kernel_param *kp) i = j = sprintf(buffer, "Attached FCoE transports:"); mutex_lock(&ft_mutex); list_for_each_entry(ft, &fcoe_transports, list) { - i += snprintf(&buffer[i], IFNAMSIZ, "%s ", ft->name); - if (i >= PAGE_SIZE) + if (i >= PAGE_SIZE - IFNAMSIZ) break; + i += snprintf(&buffer[i], IFNAMSIZ, "%s ", ft->name); } mutex_unlock(&ft_mutex); if (i == j)