lib/iscsi: add checking total_ahs_len in iscsi_reject

Fix static analyzer error by ensuring 4 * total_ahs_len is
not larger than ISCSI_AHS_LEN.

When ./configure -enable-werror --enable-ubsan --enable-asan,
iscsi target reports heap-buffer-overflow error
when I feeding unexpeted pdu opcode.

Change-Id: Ib8053e1a19b5e49385642106eb79c458d35ab3c6
Signed-off-by: Hailiang Wang <hailiangx.e.wang@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/471489
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Liang Yan <liang.z.yan@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
This commit is contained in:
Hailiang Wang 2019-10-16 20:10:12 +08:00 committed by Tomasz Zawadzki
parent 1dc9a7627f
commit 9d660f187a

View File

@ -281,8 +281,9 @@ iscsi_reject(struct spdk_iscsi_conn *conn, struct spdk_iscsi_pdu *pdu,
data_len += ISCSI_BHS_LEN;
if (total_ahs_len != 0) {
memcpy(data + data_len, pdu->ahs, (4 * total_ahs_len));
data_len += (4 * total_ahs_len);
total_ahs_len = spdk_min((4 * total_ahs_len), ISCSI_AHS_LEN);
memcpy(data + data_len, pdu->ahs, total_ahs_len);
data_len += total_ahs_len;
}
if (conn->header_digest) {