From a666916f5bf663df2f14da00c1a0091cf74088c0 Mon Sep 17 00:00:00 2001 From: Martin Wilck Date: Mon, 26 Nov 2018 17:29:33 +0100 Subject: [PATCH 1/1] libmpathpersist: fix off-by-one error in PRIN length check The length check added by bf25392f4e98 was off by one, so that a warning was printed even for correct responses for PERSISTENT_RESERVE_IN READ_FULL_STATUS service actions. Non-fatal, but should be fixed nonetheless. Fixes: bf25392f4e98 "libmpathpersist: fix stack overflow in mpath_format_readfullstatus()" Signed-off-by: Martin Wilck
---
 libmpathpersist/mpath_pr_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libmpathpersist/mpath_pr_ioctl.c b/libmpathpersist/mpath_pr_ioctl.c
index a222b1e1..c4f4ccda 100644
--- a/libmpathpersist/mpath_pr_ioctl.c
+++ b/libmpathpersist/mpath_pr_ioctl.c
@@ -241,7 +241,7 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy)
 fdesc.rtpi = get_unaligned_be16(&p[18]);
 tid_len_len = get_unaligned_be32(&p[20]);
- if (tid_len_len + 24 + k >= additional_length) {
+ if (tid_len_len + 24 + k > additional_length) {
 condlog(0, "%s: corrupt PRIN response: status descriptor end %d exceeds length %d", __func__, tid_len_len + k + 24,
--
2.20.1
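Review bot: The corrected comparison `tid_len_len + 24 + k > additional_length` still adds a device-supplied 32-bit value before comparing, since `tid_len_len` comes straight from `get_unaligned_be32(&p[20])`. If these variables are 32-bit unsigned (their declarations are outside the hunk), a very large transport-ID length could wrap the sum and slip past the check that bf25392f4e98 added against the stack overflow. Comparing by subtraction avoids the wrap: `if (k + 24 > additional_length || tid_len_len > additional_length - k - 24) {`. The `condlog` call prints `tid_len_len + k + 24` with `%d`; if the operands are unsigned, `%u` would match the argument type. The body of mpath_format_readfullstatus starts and ends outside the hunk, so how the length is used after the warning is not visible here.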