hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9K8D1 CVE: NA
--------------------------------
This reverts commit d77d7bbc1c59243c536a82076c8a3bdc87b98e41.
Backport mainline patches(584892fd29a4 "scsi: ses: Fix possible desc_ptr out-of-bounds accesses") to replace it.
Fixes: d77d7bbc1c59 ("scsi: ses: fix slab-out-of-bounds in ses_enclosure_data_process") Signed-off-by: Li Lingfeng lilingfeng3@huawei.com --- drivers/scsi/ses.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c index 6b0397e5d47b..d6a8f7c0192c 100644 --- a/drivers/scsi/ses.c +++ b/drivers/scsi/ses.c @@ -569,11 +569,11 @@ static void ses_enclosure_data_process(struct enclosure_device *edev, int max_desc_len;
if (desc_ptr) { - len = (desc_ptr[2] << 8) + desc_ptr[3]; - desc_ptr += 4; - if (desc_ptr + len > buf + page7_len) { + if (desc_ptr >= buf + page7_len) { desc_ptr = NULL; } else { + len = (desc_ptr[2] << 8) + desc_ptr[3]; + desc_ptr += 4; /* Add trailing zero - pushes into * reserved space */ desc_ptr[len] = '\0';