[dm-devel] [PATCH] libmpathpersist: fix off-by-one error in PRIN length check

Martin Wilck mwilck at suse.com
Mon Nov 26 16:29:33 UTC 2018


The length check added by bf25392f4e98 was off by one, so
that a warning was printed even for correct responses
for PERSISTENT_RESERVE_IN READ_FULL_STATUS service actions.
Non-fatal, but should be fixed nonetheless.

Fixes: bf25392f4e98 "libmpathpersist: fix stack overflow in
   mpath_format_readfullstatus()"
Signed-off-by: Martin Wilck <mwilck at suse.com>
---
 libmpathpersist/mpath_pr_ioctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libmpathpersist/mpath_pr_ioctl.c b/libmpathpersist/mpath_pr_ioctl.c
index a222b1e1..c4f4ccda 100644
--- a/libmpathpersist/mpath_pr_ioctl.c
+++ b/libmpathpersist/mpath_pr_ioctl.c
@@ -241,7 +241,7 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy)
 		fdesc.rtpi = get_unaligned_be16(&p[18]);
 
 		tid_len_len = get_unaligned_be32(&p[20]);
-		if (tid_len_len + 24 + k >= additional_length) {
+		if (tid_len_len + 24 + k > additional_length) {
 			condlog(0,
 				"%s: corrupt PRIN response: status descriptor end %d exceeds length %d",
 				__func__, tid_len_len + k + 24,
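Review bot: The bound in `if (tid_len_len + 24 + k > additional_length)` still adds a device-supplied value before comparing: `tid_len_len` comes straight from the response via get_unaligned_be32(&p[20]). Depending on the variable types, which are not visible in this hunk, a very large value could wrap the sum and pass the check. Consider a subtraction form instead: first reject `k + 24 > additional_length`, then test `tid_len_len > additional_length - 24 - k`. A one-line comment stating that a descriptor ending exactly at additional_length is valid would help keep the boundary from regressing to `>=`. The condlog call prints the same sum with %d, so it is worth confirming the format matches the operand types.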
-- 
2.19.1



