Changeset 27181 in vbox

Timestamp:

Mar 8, 2010 5:26:35 PM (15 years ago)

Author:

vboxsync

Message:

Storage/iSCSI: Increase sense data buffers, and truncate sense data if the buffers are too small. Also fixes a potential buffer overrun when collecting the sense data.

File:

: 1 edited

trunk/src/VBox/Devices/Storage/ISCSIHDDCore.cpp (modified) (7 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/Devices/Storage/ISCSIHDDCore.cpp

-              r26960
+              r27181
     uint32_t *pDst = NULL;
     size_t cbBufLength;
     uint32_t aStat[64];
+    uint32_t aStatus[256]; /**< Plenty of buffer for status information. */
     uint32_t ExpDataSN = 0;
     bool final = false;
 …
         /* Always reserve space for the status - it's impossible to tell
          * beforehand whether this will be the final PDU or not. */
         aISCSIRes[cnISCSIRes].pvSeg = aStat;
         aISCSIRes[cnISCSIRes].cbSeg = sizeof(aStat);
+        aISCSIRes[cnISCSIRes].pvSeg = aStatus;
+        aISCSIRes[cnISCSIRes].cbSeg = sizeof(aStatus);
         cnISCSIRes++;
 …
+            {
                 uint32_t cbStat = RT_N2H_U32(((uint32_t *)aISCSIRes[1].pvSeg)[0]) >> 16;
                 if (cbStat + 2 > cbData || cbStat > pRequest->cbSense)
+                if (cbStat + 2 > cbData)
+                {
                     rc = VERR_BUFFER_OVERFLOW;
                     break;
+                }
+                pRequest->cbSense = cbStat;
+                memcpy(pRequest->pvSense, ((const uint8_t *)aISCSIRes[1].pvSeg) + 2, aISCSIRes[1].cbSeg - 2);
+                if (cnISCSIRes > 2 && aISCSIRes[2].cbSeg && (ssize_t)cbStat - aISCSIRes[1].cbSeg - 2 > 0)
+                    memcpy((char *)pRequest->pvSense + aISCSIRes[1].cbSeg, aISCSIRes[2].pvSeg, cbStat - aISCSIRes[1].cbSeg - 2);
+                /* Truncate sense data if it doesn't fit into the buffer. */
+                pRequest->cbSense = RT_MIN(cbStat, pRequest->cbSense);
+                memcpy(pRequest->pvSense,
+                       ((const char *)aISCSIRes[1].pvSeg) + 2,
+                       RT_MIN(aISCSIRes[1].cbSeg - 2, pRequest->cbSense));
+                if (   cnISCSIRes > 2 && aISCSIRes[2].cbSeg
+                    && (ssize_t)pRequest->cbSense - aISCSIRes[1].cbSeg + 2 > 0)
+                {
+                    memcpy((char *)pRequest->pvSense + aISCSIRes[1].cbSeg - 2,
+                           aISCSIRes[2].pvSeg,
+                           pRequest->cbSense - aISCSIRes[1].cbSeg + 2);
+                }
+            }
             else if (cbData == 1)
 …
     SCSIREQ sr;
     uint8_t sense[32];
+    uint8_t sense[96];
     uint8_t data8[8];
     uint8_t data12[12];
 …
     SCSIREQ sr;
     uint8_t cdb[10];
     uint8_t sense[32];
+    uint8_t sense[96];
     cdb[0] = SCSI_READ_10;
 …
     SCSIREQ sr;
     uint8_t cdb[10];
     uint8_t sense[32];
+    uint8_t sense[96];
     cdb[0] = SCSI_WRITE_10;
 …
     SCSIREQ sr;
     uint8_t cdb[10];
     uint8_t sense[32];
+    uint8_t sense[96];
     cdb[0] = SCSI_SYNCHRONIZE_CACHE;

Note: See TracChangeset for help on using the changeset viewer.

Changeset 27181 in vbox

Legend:

trunk/src/VBox/Devices/Storage/ISCSIHDDCore.cpp

Download in other formats: