Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb

2020-04-20 Thread Peter Maydell
On Sat, 18 Apr 2020 at 07:30, Chen Qun wrote:
>
> There is an overflow, the source 'datain.data[2]' is 100 bytes,
> but the 'ss' is 252 bytes. This may cause a security issue because
> we can access a lot of unrelated memory data.
>
> The len for sbp copy data should take the minimum of mx_sb_len

Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb

2020-04-20 Thread Daniel P . Berrangé
On Sat, Apr 18, 2020 at 02:26:02PM +0800, Chen Qun wrote:
> There is an overflow, the source 'datain.data[2]' is 100 bytes,
> but the 'ss' is 252 bytes. This may cause a security issue because
> we can access a lot of unrelated memory data.
>
> The len for sbp copy data should take the minimum of

[PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb

2020-04-17 Thread Chen Qun
There is an overflow, the source 'datain.data[2]' is 100 bytes, but the 'ss' is 252 bytes. This may cause a security issue because we can access a lot of unrelated memory data.

The len for sbp copy data should take the minimum of mx_sb_len and sb_len_wr, not the maximum. If we use iscsi device