scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (!4414) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9 · GitLab

Ewan D. Milne requested to merge e-milne/centos-stream-9:RHEL-39719 into main Jun 04, 2024

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

JIRA: https://issues.redhat.com/browse/RHEL-39719 CVE: CVE-2024-36025 Upstream Status: From upstream linux mainline

The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption.

Fixes: 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") Signed-off-by: Dan Carpenter dan.carpenter@linaro.org Link: https://lore.kernel.org/r/5c125b2f-92dd-412b-9b6f-fc3a3207bd60@moroto.mountain Reviewed-by: Himanshu Madhani himanshu.madhani@oracle.com Signed-off-by: Martin K. Petersen martin.petersen@oracle.com (cherry picked from commit 4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd) Signed-off-by: Ewan D. Milne emilne@redhat.com