From 2bf52f92240703092e967d0db464e61fc5112544 Mon Sep 17 00:00:00 2001 From: Marco Peereboom Date: Thu, 15 Jun 2006 04:59:22 +0000 Subject: And now without a buffer overflow. Pointed out by dlg. No cookie for me. --- sys/dev/ic/mpi.c | 13 ++++++++----- sys/dev/ic/mpivar.h | 4 +++- 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'sys/dev') diff --git a/sys/dev/ic/mpi.c b/sys/dev/ic/mpi.c index b0b5c23bf21..694892d6840 100644 --- a/sys/dev/ic/mpi.c +++ b/sys/dev/ic/mpi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mpi.c,v 1.39 2006/06/15 04:44:59 marco Exp $ */ +/* $OpenBSD: mpi.c,v 1.40 2006/06/15 04:59:21 marco Exp $ */ /* * Copyright (c) 2005, 2006 David Gwynne @@ -1861,7 +1861,6 @@ void mpi_get_raid(struct mpi_softc *sc) { struct mpi_cfg_hdr hdr; - struct mpi_cfg_ioc_pg2 pg; DNPRINTF(MPI_D_RAID, "%s: mpi_get_raid\n", DEVNAME(sc)); @@ -1872,7 +1871,9 @@ mpi_get_raid(struct mpi_softc *sc) } /* make page length bytes instead of dwords */ - if (mpi_cfg_page(sc, 0, &hdr, 1, &pg, hdr.page_length * 4) != 0) { + sc->sc_ioc_pg2 = malloc(hdr.page_length * 4, M_DEVBUF, M_WAITOK); + if (mpi_cfg_page(sc, 0, &hdr, 1, sc->sc_ioc_pg2, + hdr.page_length * 4) != 0) { DNPRINTF(MPI_D_RAID, "%s: mpi_get_raid unable to fetch IOC " "page 2\n", DEVNAME(sc)); return; @@ -1880,8 +1881,10 @@ mpi_get_raid(struct mpi_softc *sc) DNPRINTF(MPI_D_RAID, "%s: capabilities: %x active vols %d max vols: %d" " active phys disks: %d max disks: %d\n", - DEVNAME(sc), letoh32(pg.capabilities), pg.no_active_vols, - pg.max_vols, pg.no_active_phys_disks, pg.max_phys_disks); + DEVNAME(sc), letoh32(sc->sc_ioc_pg2->capabilities), + sc->sc_ioc_pg2->no_active_vols, sc->sc_ioc_pg2->max_vols, + sc->sc_ioc_pg2->no_active_phys_disks, + sc->sc_ioc_pg2->max_phys_disks); } int diff --git a/sys/dev/ic/mpivar.h b/sys/dev/ic/mpivar.h index f915a276b22..5be18deb939 100644 --- a/sys/dev/ic/mpivar.h +++ b/sys/dev/ic/mpivar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mpivar.h,v 1.11 2006/06/15 04:44:59 marco Exp $ */ +/* $OpenBSD: mpivar.h,v 1.12 2006/06/15 04:59:21 marco Exp $ */ /* * Copyright (c) 2005 David Gwynne @@ -114,6 +114,8 @@ struct mpi_softc { struct mpi_ccb_list sc_ccb_free; struct mpi_dmamem *sc_replies; + + struct mpi_cfg_ioc_pg2 *sc_ioc_pg2; }; int mpi_attach(struct mpi_softc *); -- cgit v1.2.3