| From: Prasad J Pandit <pjp@fedoraproject.org> |
| Date: Tue, 7 Jun 2016 16:44:03 +0530 |
| Subject: [PATCH] scsi: megasas: null terminate bios version buffer |
| |
| While reading information via 'megasas_ctrl_get_info' routine, |
| a local bios version buffer isn't null terminated. Add the |
| terminating null byte to avoid any OOB access. |
| |
| Reported-by: Li Qiang <liqiang6-s@360.cn> |
| Reviewed-by: Peter Maydell <peter.maydell@linaro.org> |
| Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| (cherry picked from commit 844864fbae66935951529408831c2f22367a57b6) |
| |
| hw/scsi/megasas.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c |
| index cc66d36..a9ffc32 100644 |
| |
| |
| @@ -773,6 +773,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd) |
| |
| ptr = memory_region_get_ram_ptr(&pci_dev->rom); |
| memcpy(biosver, ptr + 0x41, 31); |
| + biosver[31] = 0; |
| memcpy(info.image_component[1].name, "BIOS", 4); |
| memcpy(info.image_component[1].version, biosver, |
| strlen((const char *)biosver)); |
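Review bot: the copy into `info.image_component[1].version` on the last two lines still takes its length only from `strlen()` of the source, so the new `biosver[31] = 0;` caps it at 31 bytes but nothing here checks that against the destination size. The size of `version` is not visible in this hunk; consider bounding the length with `sizeof(info.image_component[1].version)`. Separately, the literal 31 in `memcpy(biosver, ptr + 0x41, 31);` and the index in the added line both assume `biosver` holds at least 32 bytes. Its declaration is outside the hunk, so a named constant or a `sizeof`-derived length shared by both lines would keep them tied to the buffer's declared size.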