From 5f9a056db9c7973c46337ec8d034323aa72bf206 Mon Sep 17 00:00:00 2001 From: Joe Eykholt Date: Tue, 3 Nov 2009 11:48:55 -0800 Subject: [PATCH] [SCSI] libfc: fix symbolic name registrations smashing skb data The strncpy for RSPN_ID and RSNN_NN requests was padding past the allocated frame size. Get the string length before filling in the ct header. Signed-off-by: Joe Eykholt Signed-off-by: Robert Love Signed-off-by: James Bottomley --- include/scsi/fc_encode.h | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/include/scsi/fc_encode.h b/include/scsi/fc_encode.h index c8968d31c610..ab2260cb149c 100644 --- a/include/scsi/fc_encode.h +++ b/include/scsi/fc_encode.h @@ -111,6 +111,7 @@ static inline int fc_ct_fill(struct fc_lport *lport, enum fc_fh_type *fh_type) { struct fc_ct_req *ct; + size_t len; switch (op) { case FC_NS_GPN_FT: @@ -138,22 +139,22 @@ static inline int fc_ct_fill(struct fc_lport *lport, break; case FC_NS_RSPN_ID: - ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn)); + len = strnlen(fc_host_symbolic_name(lport->host), 255); + ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn) + len); hton24(ct->payload.spn.fr_fid.fp_fid, fc_host_port_id(lport->host)); strncpy(ct->payload.spn.fr_name, - fc_host_symbolic_name(lport->host), 255); - ct->payload.spn.fr_name_len = - strnlen(ct->payload.spn.fr_name, 255); + fc_host_symbolic_name(lport->host), len); + ct->payload.spn.fr_name_len = len; break; case FC_NS_RSNN_NN: - ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn)); + len = strnlen(fc_host_symbolic_name(lport->host), 255); + ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn) + len); put_unaligned_be64(lport->wwnn, &ct->payload.snn.fr_wwn); strncpy(ct->payload.snn.fr_name, - fc_host_symbolic_name(lport->host), 255); - ct->payload.snn.fr_name_len = - strnlen(ct->payload.snn.fr_name, 255); + fc_host_symbolic_name(lport->host), len); + ct->payload.snn.fr_name_len = len; break; default: