From: Martin Wilck <mwilck@suse.com>
Date: Mon, 26 Nov 2018 16:29:33 +0000 (+0100)
Subject: libmpathpersist: fix off-by-one error in PRIN length check
X-Git-Tag: 0.8.0~69
X-Git-Url: https://git.opensvc.com/gitweb.cgi?p=multipath-tools%2F.git;a=commitdiff_plain;h=a666916f5bf663df2f14da00c1a0091cf74088c0;hp=f6839ebdbcee27942970dda9481441d3cf5a4131

libmpathpersist: fix off-by-one error in PRIN length check

The length check added by bf25392f4e98 was off by one, so
that a warning was printed even for correct responses
for PERSISTENT_RESERVE_IN READ_FULL_STATUS service actions.
Non-fatal, but should be fixed nonetheless.

Fixes: bf25392f4e98 "libmpathpersist: fix stack overflow in
   mpath_format_readfullstatus()"
Signed-off-by: Martin Wilck <mwilck@suse.com>
---

diff --git a/libmpathpersist/mpath_pr_ioctl.c b/libmpathpersist/mpath_pr_ioctl.c
index a222b1e1..c4f4ccda 100644
--- a/libmpathpersist/mpath_pr_ioctl.c
+++ b/libmpathpersist/mpath_pr_ioctl.c
@@ -241,7 +241,7 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy)
 		fdesc.rtpi = get_unaligned_be16(&p[18]);
 
 		tid_len_len = get_unaligned_be32(&p[20]);
-		if (tid_len_len + 24 + k >= additional_length) {
+		if (tid_len_len + 24 + k > additional_length) {
 			condlog(0,
 				"%s: corrupt PRIN response: status descriptor end %d exceeds length %d",
 				__func__, tid_len_len + k + 24,