ctl: avoid heap info leak in ctl_request_sense

Previously 3 bytes of data from the heap could be leaked to ctl
consumers.

Reported by:	Synacktiv
Reviewed by:	asomers, mav
Sponsored by:	The Alpha-Omega Project
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46091
Ed Maste 2024-08-20 14:12:47 -04:00
parent 1af7d5f389
commit db87c98168


@ -9304,14 +9304,8 @@ ctl_request_sense(struct ctl_scsiio *ctsio)
sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
ctsio->kern_sg_entries = 0;
ctsio->kern_rel_offset = 0;
/*
* struct scsi_sense_data, which is currently set to 256 bytes, is
* larger than the largest allowed value for the length field in the
* REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
*/
ctsio->kern_data_len = cdb->length;
ctsio->kern_total_len = cdb->length;
ctsio->kern_data_len = ctsio->kern_total_len =
MIN(cdb->length, sizeof(*sense_ptr));
/*
* If we don't have a LUN, we don't have any pending sense.
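Review bot: The removed comment's premise (the struct is 256 bytes, larger than the 252-byte maximum the CDB length field allows) is contradicted by the leak this commit fixes, so dropping it rather than editing it is the right call, but the new `MIN(cdb->length, sizeof(*sense_ptr))` deserves a one-line comment saying that the REQUEST SENSE allocation length comes from the initiator and must be bounded by the sense buffer; otherwise a future reader may reintroduce the bare `ctsio->kern_data_len = cdb->length;`. Clamping the length only stops reads past the end of the buffer; the allocation of kern_data_ptr is outside this hunk, so confirm it is zero-initialized (or fully written before return) so that bytes inside the struct beyond the populated sense data do not carry heap contents either.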