diff options
| author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2017-08-10 17:11:50 +0000 |
|---|---|---|
| committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2017-08-10 17:11:50 +0000 |
| commit | 203759fd42e6e752fc6d9e9e74d271994d5a7774 (patch) | |
| tree | 184fd9500845d28b6e0f3bd9894d2231f5de7a19 /sys/dev/pv | |
| parent | befd35f079c9499f9153b7f71f74d56bdb8a1ae6 (diff) | |
Buffer size for the SCSI vendor string should be 8 char long
A vendor and part of the product string got copied into a larger
on-stack buffer as a result of an out-of-bounds access, however
only 4 characters are meaningful in this context.
Coverity CID 1453206; Severity: insignificant.
Diffstat (limited to 'sys/dev/pv')
| -rw-r--r-- | sys/dev/pv/hvs.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/dev/pv/hvs.c b/sys/dev/pv/hvs.c index 0666c432119..566698a1a92 100644 --- a/sys/dev/pv/hvs.c +++ b/sys/dev/pv/hvs.c @@ -589,7 +589,7 @@ fixup_inquiry(struct scsi_xfer *xs, struct hvs_srb *srb) struct hvs_softc *sc = xs->sc_link->adapter_softc; struct scsi_inquiry_data *inq = (struct scsi_inquiry_data *)xs->data; int datalen, resplen; - char vendor[16]; + char vendor[8]; resplen = srb->srb_datalen >= 5 ? inq->additional_length + 5 : 0; datalen = MIN(resplen, srb->srb_datalen); |