[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cdi-devel] [PATCH] ata: Temporary buffer for ATAPI commands
On Sat, Dec 12, 2015 at 11:26:26PM +0100, Max Reitz wrote:
> ! ATAPI commands need to be of size 12. However, general SCSI packets
> may have any length and thus the SCSI command to be sent has to be
> copied to a temporary buffer before it can be passed to the ATAPI
> device.
>
> Signed-off-by: Max Reitz <max@xxxxxxxxxx>
> ---
> ata/atapi.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/ata/atapi.c b/ata/atapi.c
> index 31c7263..78f7f29 100644
> --- a/ata/atapi.c
> +++ b/ata/atapi.c
> @@ -28,6 +28,7 @@
>
> #include <stdio.h>
> #include <stdlib.h>
> +#include <string.h>
>
> #include "cdi.h"
> #include "cdi/storage.h"
> @@ -92,6 +93,12 @@ void atapi_remove_device(struct cdi_device* device)
>
> int atapi_request(struct cdi_scsi_device* scsi,struct cdi_scsi_packet* packet)
> {
> + uint8_t atapi_request[12];
> + if (packet->cmdsize > 12) {
> + return -1;
> + }
> + memcpy(atapi_request, packet->command, sizeof(atapi_request));
The length should be packet->cmdsize instead (which is already at most
12 bytes) in order to avoid copying uninitialised bytes from the
original buffer; we might want to pad with zeros then.
With this changed:
Acked-by: Kevin Wolf <kevin@xxxxxxxxxx>