    iscsi: Avoid potential for get_status overflow · 8ee1cef4
    Committed by Eric Blake
    Detected by Coverity: Multiplying two 32-bit int and assigning
    the result to a 64-bit number is a risk of overflow.  Prior to
    the conversion to byte-based interfaces, the block layer took
    care of ensuring that a status request never exceeded 2G in
    the driver; but after that conversion, the block layer expects
    drivers to deal with any size request (the driver can always
    truncate the request size back down, as long as it makes
    progress).  So, in the off-chance that someone makes a large
    request, we are at the mercy of whether iscsi_get_lba_status_task()
    will cap things to at most INT_MAX / iscsilun->block_size when
    it populates lbasd->num_blocks; since I could not easily audit
    that, it's better to be safe than sorry by just forcing a 64-bit
    multiply.
    
    Fixes: 92809c36
    CC: qemu-stable@nongnu.org
    Signed-off-by: Eric Blake <eblake@redhat.com>
    Message-Id: <20180508212718.1482663-1-eblake@redhat.com>
    Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
iscsi.c 78.3 KB
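
The overflow class described in the commit message, as an added example that is not QEMU's code. The function names and the unsigned 32-bit operand types are assumptions, chosen so the wraparound is well defined in C (with signed `int` operands the same overflow is undefined behaviour).

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Before: the multiply happens at 32-bit width and the result is widened
 * afterwards, so any bits above bit 31 are already gone. */
static int64_t status_bytes_narrow(uint32_t num_blocks, uint32_t block_size)
{
    uint32_t product = num_blocks * block_size;   /* wraps modulo 2^32 */
    return (int64_t)product;
}

/* After: widening one operand first forces the multiply itself to 64 bits. */
static int64_t status_bytes_wide(uint32_t num_blocks, uint32_t block_size)
{
    return (int64_t)num_blocks * block_size;
}

/* The cap the commit message says could not easily be audited:
 * num_blocks <= INT_MAX / block_size keeps the 32-bit product in range. */
static int product_fits_int(uint32_t num_blocks, uint32_t block_size)
{
    return block_size != 0 && num_blocks <= (uint32_t)INT_MAX / block_size;
}

int main(void)
{
    /* Constructed sample values: 512-byte blocks, extents around the 2G mark. */
    const uint32_t block_size = 512;
    const uint32_t samples[] = { 4194303u, 4194304u, 8388608u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i];
        printf("num_blocks=%" PRIu32 " fits_int=%d narrow=%" PRId64
               " wide=%" PRId64 "\n",
               n, product_fits_int(n, block_size),
               status_bytes_narrow(n, block_size),
               status_bytes_wide(n, block_size));
    }
    return 0;
}
```

With 512-byte blocks, an extent of 8388608 blocks is exactly 4 GiB: the narrow form reports 0 bytes while the widened form reports the true length.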