lib/iscsi: add checking total_ahs_len in iscsi_reject
Fix static analyzer error by ensuring 4 * total_ahs_len is not larger than ISCSI_AHS_LEN. When ./configure -enable-werror --enable-ubsan --enable-asan, iscsi target reports heap-buffer-overflow error when I feeding unexpeted pdu opcode. Change-Id: Ib8053e1a19b5e49385642106eb79c458d35ab3c6 Signed-off-by: Hailiang Wang <hailiangx.e.wang@intel.com> Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/471489 Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com> Reviewed-by: Jim Harris <james.r.harris@intel.com> Reviewed-by: Liang Yan <liang.z.yan@intel.com> Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
This commit is contained in:
parent
1dc9a7627f
commit
9d660f187a
@ -281,8 +281,9 @@ iscsi_reject(struct spdk_iscsi_conn *conn, struct spdk_iscsi_pdu *pdu,
|
||||
data_len += ISCSI_BHS_LEN;
|
||||
|
||||
if (total_ahs_len != 0) {
|
||||
memcpy(data + data_len, pdu->ahs, (4 * total_ahs_len));
|
||||
data_len += (4 * total_ahs_len);
|
||||
total_ahs_len = spdk_min((4 * total_ahs_len), ISCSI_AHS_LEN);
|
||||
memcpy(data + data_len, pdu->ahs, total_ahs_len);
|
||||
data_len += total_ahs_len;
|
||||
}
|
||||
|
||||
if (conn->header_digest) {
|
||||
|
Loading…
Reference in New Issue
Block a user