summaryrefslogtreecommitdiff
path: root/crypto/async_tx/async_memcpy.c
diff options
context:
space:
mode:
authorRoland Dreier <roland@purestorage.com>2012-07-16 15:34:24 -0700
committerNicholas Bellinger <nab@linux-iscsi.org>2012-07-16 17:35:36 -0700
commitb7fc7f3777582dea85156a821d78a522a0c083aa (patch)
treefa190792d308e5fa42728d0d805e3338e1279ea0 /crypto/async_tx/async_memcpy.c
parent1a5fa4576ec8a462313c7516b31d7453481ddbe8 (diff)
target: Fix possible integer underflow in UNMAP emulation
It's possible for an initiator to send us an UNMAP command with a descriptor that is less than 8 bytes; in that case it's really bad for us to set an unsigned int to that value, subtract 8 from it, and then use that as a limit for our loop (since the value will wrap around to a huge positive value). Fix this by making size be signed and only looping if size >= 16 (ie if we have at least a full descriptor available). Also remove offset as an obfuscated name for the constant 8. Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'crypto/async_tx/async_memcpy.c')
0 files changed, 0 insertions, 0 deletions