scsi: libfc: Fix array index out of bound exception

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Fix array index out of bound exception in fc_rport_prli_resp().

Link: https://lore.kernel.org/r/20210615165939.24327-1-jhasan@marvell.com
Signed-off-by: Javed Hasan <jhasan@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Javed Hasan and committed by

Martin K. Petersen 4 years ago b27c4577 2506f5dc

+8 -5

1 changed file

expand all

drivers

scsi

libfc

fc_rport.c

+8 -5

drivers/scsi/libfc/fc_rport.c

··· 1162 1162 resp_code = (pp->spp.spp_flags & FC_SPP_RESP_MASK); 1163 1163 FC_RPORT_DBG(rdata, "PRLI spp_flags = 0x%x spp_type 0x%x\n", 1164 1164 pp->spp.spp_flags, pp->spp.spp_type); 1165 + 1165 1166 rdata->spp_type = pp->spp.spp_type; 1166 1167 if (resp_code != FC_SPP_RESP_ACK) { 1167 1168 if (resp_code == FC_SPP_RESP_CONF) ··· 1185 1184 /* 1186 1185 * Call prli provider if we should act as a target 1187 1186 */ 1188 - prov = fc_passive_prov[rdata->spp_type]; 1189 - if (prov) { 1190 - memset(&temp_spp, 0, sizeof(temp_spp)); 1191 - prov->prli(rdata, pp->prli.prli_spp_len, 1192 - &pp->spp, &temp_spp); 1187 + if (rdata->spp_type < FC_FC4_PROV_SIZE) { 1188 + prov = fc_passive_prov[rdata->spp_type]; 1189 + if (prov) { 1190 + memset(&temp_spp, 0, sizeof(temp_spp)); 1191 + prov->prli(rdata, pp->prli.prli_spp_len, 1192 + &pp->spp, &temp_spp); 1193 + } 1193 1194 } 1194 1195 /* 1195 1196 * Check if the image pair could be established