diff options
author | David Gwynne <dlg@cvs.openbsd.org> | 2010-06-21 13:47:11 +0000 |
---|---|---|
committer | David Gwynne <dlg@cvs.openbsd.org> | 2010-06-21 13:47:11 +0000 |
commit | 11b345df8dd8063507784373b4d48821ffaacbe2 (patch) | |
tree | fccb8e6068b174890f36c43aff2de0bb519f8ed3 /sys | |
parent | be46de36488432dff6a1247fbee6546a9f73c2e2 (diff) |
avoid an overflow of the xs sense buffer by ignoring t2i->senselen.
again, found by and fixed by matthew dempsky.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/dev/vscsi.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/dev/vscsi.c b/sys/dev/vscsi.c index 1a3e37317d3..566beebdda6 100644 --- a/sys/dev/vscsi.c +++ b/sys/dev/vscsi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vscsi.c,v 1.11 2010/06/21 13:28:09 dlg Exp $ */ +/* $OpenBSD: vscsi.c,v 1.12 2010/06/21 13:47:10 dlg Exp $ */ /* * Copyright (c) 2008 David Gwynne <dlg@openbsd.org> @@ -397,7 +397,7 @@ vscsi_t2i(struct vscsi_softc *sc, struct vscsi_ioc_t2i *t2i) break; case VSCSI_STAT_SENSE: xs->error = XS_SENSE; - bcopy(&t2i->sense, &xs->sense, t2i->senselen); + bcopy(&t2i->sense, &xs->sense, sizeof(xs->sense)); xs->req_sense_length = t2i->senselen; break; case VSCSI_STAT_ERR: |