linux-stable-mirror/include/scsi/libiscsi.h at 1a076689cda8a1d623dcda170b2dc2b476cc6f1a

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-03-22 11:42:41 +01:00

Files

Mike Christie 1304be5fe0 [SCSI] libiscsi_tcp: fix max_r2t manipulation

Problem description from Xi Wang:
A large max_r2t could lead to integer overflow in subsequent call to
iscsi_tcp_r2tpool_alloc(), allocating a smaller buffer than expected
and leading to out-of-bounds write.

Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>

2012-02-19 08:09:00 -06:00

13 KiB

Raw Blame History

View Raw

13 KiB Raw Blame History

13 KiB

Raw Blame History