Commit 9d660f18 authored Oct 16, 2019 by Hailiang Wang Committed by Tomasz Zawadzki Oct 18, 2019

lib/iscsi: add checking total_ahs_len in iscsi_reject



Fix static analyzer error by ensuring 4 * total_ahs_len is
not larger than ISCSI_AHS_LEN.

When ./configure -enable-werror --enable-ubsan --enable-asan,
iscsi target reports heap-buffer-overflow error
when I feeding unexpeted pdu opcode.

Change-Id: Ib8053e1a19b5e49385642106eb79c458d35ab3c6
Signed-off-by: Hailiang Wang <hailiangx.e.wang@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/471489


Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Liang Yan <liang.z.yan@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>

parent 1dc9a762

lib/iscsi/iscsi.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -281,8 +281,9 @@ iscsi_reject(struct spdk_iscsi_conn conn, struct spdk_iscsi_pdu pdu,
		data_len += ISCSI_BHS_LEN;

		if (total_ahs_len != 0) {
		memcpy(data + data_len, pdu->ahs, (4 * total_ahs_len));
		data_len += (4 * total_ahs_len);
		total_ahs_len = spdk_min((4 * total_ahs_len), ISCSI_AHS_LEN);
		memcpy(data + data_len, pdu->ahs, total_ahs_len);
		data_len += total_ahs_len;
		}

		if (conn->header_digest) {