[PATCH openEuler-1.0-LTS 1/2] Revert "scsi: ses: fix slab-out-of-bounds in ses_enclosure_data_process"

3 Nov 2025

Offering: HULK
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID0VIE
CVE: CVE-2023-53675

------------------

This reverts commit b101167f2bf44a2ac20382e0c9ba42b205146d2d.

Backport the patch from mainline.

Fixes: b101167f2bf4 ("scsi: ses: fix slab-out-of-bounds in ses_enclosure_data_process")
Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
---
 drivers/scsi/ses.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
index 76c17d73e9d4..651899733dfa 100644
--- a/drivers/scsi/ses.c
+++ b/drivers/scsi/ses.c
@@ -558,11 +558,11 @@ static void ses_enclosure_data_process(struct enclosure_device *edev,
 			struct enclosure_component *ecomp;
 
 			if (desc_ptr) {
-				len = (desc_ptr[2] << 8) + desc_ptr[3];
-				desc_ptr += 4;
-				if (desc_ptr + len > buf + page7_len) {
+				if (desc_ptr >= buf + page7_len) {
 					desc_ptr = NULL;
 				} else {
+					len = (desc_ptr[2] << 8) + desc_ptr[3];
+					desc_ptr += 4;
 					/* Add trailing zero - pushes into
 					 * reserved space */
 					desc_ptr[len] = '\0';
-- 
2.39.2

    