• A
    SCSI: fix new bug in scsi_dev_info_list string matching · 5e7ff2ca
    Alan Stern 提交于
    Commit b704f70c ("SCSI: fix bug in scsi_dev_info_list matching")
    changed the way vendor- and model-string matching was carried out in the
    routine that looks up entries in a SCSI devinfo list.  The new matching
    code failed to take into account the case of a maximum-length string; in
    such cases it could end up testing for a terminating '\0' byte beyond
    the end of the memory allocated to the string.  This out-of-bounds bug
    was detected by UBSAN.
    
    I don't know if anybody has actually encountered this bug.  The symptom
    would be that a device entry in the blacklist might not be matched
    properly if it contained an 8-character vendor name or a 16-character
    model name.  Such entries certainly exist in scsi_static_device_list.
    
    This patch fixes the problem by adding a check for a maximum-length
    string before the '\0' test.
    Signed-off-by: NAlan Stern <stern@rowland.harvard.edu>
    Fixes: b704f70c ("SCSI: fix bug in scsi_dev_info_list matching")
    Tested-by: NWilfried Klaebe <linux-kernel@lebenslange-mailadresse.de>
    CC: <stable@vger.kernel.org> # v4.4+
    Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
    5e7ff2ca
scsi_devinfo.c 28.6 KB