authorConstantine Sapuntzakis <csapuntz@cvs.openbsd.org>2000-07-18 06:26:30 +0000
committerConstantine Sapuntzakis <csapuntz@cvs.openbsd.org>2000-07-18 06:26:30 +0000
commitd1816a6b79fa12db06e2185a9246e443481bf72d (patch)
treedb37857e4d85dca3fc062176d98e42e6469e5bed /sys
parent895c22a8fe2ee086caf62577eb81848fd7fbed9b (diff)
Thanks to miod@ for finding bug in cd_scsi_{get,set}mode
Pass length of mode page, not length of fixed header
Diffstat (limited to 'sys')
-rw-r--r--sys/scsi/cd_scsi.c27
1 files changed, 24 insertions, 3 deletions
diff --git a/sys/scsi/cd_scsi.c b/sys/scsi/cd_scsi.c
index c458c2070e2..1458049ea57 100644
--- a/sys/scsi/cd_scsi.c
+++ b/sys/scsi/cd_scsi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cd_scsi.c,v 1.1 1999/07/20 06:21:59 csapuntz Exp $ */
+/* $OpenBSD: cd_scsi.c,v 1.2 2000/07/18 06:26:29 csapuntz Exp $ */
/* $NetBSD: cd_scsi.c,v 1.14 1998/08/31 22:28:06 cgd Exp $ */
/*-
@@ -110,6 +110,14 @@ cd_scsibus_get_mode(cd, data, page, len, flags)
{
struct scsi_mode_sense scsi_cmd;
+#ifdef DIAGNOSTIC
+ if (len == 0 || len > 256) {
+ printf ("cd_scsibus_get_mode: Mode page %02x request "
+ "bad size: %d bytes\n", page, len);
+ return (EINVAL);
+ }
+#endif
+
bzero(&scsi_cmd, sizeof(scsi_cmd));
bzero(data, sizeof(*data));
scsi_cmd.opcode = MODE_SENSE;
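Review bot: The length check added to cd_scsibus_get_mode is compiled only under `#ifdef DIAGNOSTIC`, and its upper bound is the constant 256 rather than the size of the buffer, so a kernel built without DIAGNOSTIC hands any `len` to scsi_scsi_cmd as the transfer length (see the next hunk). The `bzero(data, sizeof(*data))` just below treats the buffer as `sizeof(*data)` bytes; the struct definition is not visible here, but if it is smaller than 256 bytes a larger `len` lets the SCSI_DATA_IN transfer write past it. I would make the check unconditional and bound it by the buffer, e.g. `if (len == 0 || len > sizeof(*data)) return (EINVAL);`, leaving only the printf under DIAGNOSTIC. The same applies to the identical guard in cd_scsibus_set_mode (hunk at -132), where an over-long SCSI_DATA_OUT transfer would read past the buffer and send adjacent kernel memory to the device.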
@@ -117,7 +125,7 @@ cd_scsibus_get_mode(cd, data, page, len, flags)
scsi_cmd.length = len & 0xff;
return (scsi_scsi_cmd(cd->sc_link,
(struct scsi_generic *)&scsi_cmd, sizeof(scsi_cmd),
- (u_char *)data, sizeof(*data), CDRETRIES, 20000, NULL,
+ (u_char *)data, len, CDRETRIES, 20000, NULL,
SCSI_DATA_IN));
}
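Review bot: A `len` of 256 passes the guard added earlier in this function, but `scsi_cmd.length = len & 0xff` then stores 0 in the one-byte CDB length field while the changed line passes `len` (256) to scsi_scsi_cmd as the data length, so the command and the transfer size disagree. Tightening the guard to `len > 0xff` would keep the two in step and make the mask a no-op. The same pair of lines appears in cd_scsibus_set_mode in the following hunk. This hunk starts mid-function, so anything between the guard and these lines is not visible.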
@@ -132,14 +140,27 @@ cd_scsibus_set_mode(cd, data, len, flags)
{
struct scsi_mode_select scsi_cmd;
+#ifdef DIAGNOSTIC
+ if (len == 0 || len > 256) {
+ printf ("cd_scsibus_set_mode: Set mode request "
+ "bad size: %d bytes\n", len);
+ return (EINVAL);
+ }
+#endif
+
bzero(&scsi_cmd, sizeof(scsi_cmd));
scsi_cmd.opcode = MODE_SELECT;
scsi_cmd.byte2 |= SMS_PF;
scsi_cmd.length = len & 0xff;
+
+ /* SPC-2 revision 16, section 8.3: Mode parameters
+ When used with the [MODE SELECT command], the data
+ length field is reserved. */
data->header.data_length = 0;
+
return (scsi_scsi_cmd(cd->sc_link,
(struct scsi_generic *)&scsi_cmd, sizeof(scsi_cmd),
- (u_char *)data, sizeof(*data), CDRETRIES, 20000, NULL,
+ (u_char *)data, len, CDRETRIES, 20000, NULL,
SCSI_DATA_OUT));
}