| #
315831 |
|
23-Mar-2017 |
avg |
MFC r314864: firewire/sbp: try to improve locking, plus a few style nits
|
| #
315813 |
|
23-Mar-2017 |
mav |
MFC r311305 (by asomers):
Always null-terminate ccb_pathinq.(sim_vid|hba_vid|dev_name)
The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".
This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.
PR: 215474
Reported by: Coverity
CID: 1009997 1010000 1010001 1010002 1010003 1010004 1010005
CID: 1331519 1010006 1215097 1010007 1288967 1010008 1306000
CID: 1211924 1010009 1010010 1010011 1010012 1010013 1010014
CID: 1147190 1010017 1010016 1010018 1216435 1010020 1010021
CID: 1010022 1009666 1018185 1010023 1010025 1010026 1010027
CID: 1010028 1010029 1010030 1010031 1010033 1018186 1018187
CID: 1010035 1010036 1010042 1010041 1010040 1010039
|
| #
314836 |
|
07-Mar-2017 |
mav |
MFC r314374: Add safety check against too long CDB.
SBP-2 specification defined maximum CDB length as 12 bytes. Newer SBP-3
specification allows CDB of any size, but this driver is too old. Proper
solution would be to look on maximal ORB size supported by the target.
|
| #
275982 |
|
21-Dec-2014 |
smh |
MFC r274819:
Prevent overflow issues in timeout processing
MFC r274852:
Fix build with asr driver
Sponsored by: Multiplay
|
| #
275978 |
|
21-Dec-2014 |
smh |
MFC r266772:
Various cleanups and fixes including switching from timeout to callout
Sponsored by: Multiplay
|
| #
266921 |
|
31-May-2014 |
brueffer |
MFC: r266270
Remove some unused variables.
|
| #
261455 |
|
04-Feb-2014 |
eadler |
MFC r258779,r258780,r258787,r258822:
Fix undefined behavior: (1 << 31) is not defined as 1 is an int and this
shifts into the sign bit. Instead use (1U << 31) which gets the
expected result.
Similar to the (1 << 31) case it is not defined to do (2 << 30).
This fix is not ideal as it assumes a 32 bit int, but does fix the issue
for most cases.
A similar change was made in OpenBSD.
|
| #
275982 |
|
21-Dec-2014 |
smh |
MFC r274819:
Prevent overflow issues in timeout processing
MFC r274852:
Fix build with asr driver
Sponsored by: Multiplay
|
| #
275978 |
|
21-Dec-2014 |
smh |
MFC r266772:
Various cleanups and fixes including switching from timeout to callout
Sponsored by: Multiplay
|
| #
266921 |
|
31-May-2014 |
brueffer |
MFC: r266270
Remove some unused variables.
|
| #
261455 |
|
04-Feb-2014 |
eadler |
MFC r258779,r258780,r258787,r258822:
Fix undefined behavior: (1 << 31) is not defined as 1 is an int and this
shifts into the sign bit. Instead use (1U << 31) which gets the
expected result.
Similar to the (1 << 31) case it is not defined to do (2 << 30).
This fix is not ideal as it assumes a 32 bit int, but does fix the issue
for most cases.
A similar change was made in OpenBSD.
|