[src/trunk]: src/sbin/scsictl Prevent stack buffer overflow when copying too-...

[jakllsch <jakllsch%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8278879bc1e5
branches:  trunk
changeset: 777503:8278879bc1e5
user:      jakllsch <jakllsch%NetBSD.org@localhost>
date:      Tue Feb 21 02:22:54 2012 +0000

description:
Prevent stack buffer overflow when copying too-large-CDB into request.

diffstat:

 sbin/scsictl/scsi_subr.c |  5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r 0797c20b944f -r 8278879bc1e5 sbin/scsictl/scsi_subr.c
--- a/sbin/scsictl/scsi_subr.c  Tue Feb 21 02:19:41 2012 +0000
+++ b/sbin/scsictl/scsi_subr.c  Tue Feb 21 02:22:54 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: scsi_subr.c,v 1.13 2012/02/21 02:19:41 jakllsch Exp $  */
+/*     $NetBSD: scsi_subr.c,v 1.14 2012/02/21 02:22:54 jakllsch Exp $  */
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
 #include <sys/cdefs.h>
 
 #ifndef lint
-__RCSID("$NetBSD: scsi_subr.c,v 1.13 2012/02/21 02:19:41 jakllsch Exp $");
+__RCSID("$NetBSD: scsi_subr.c,v 1.14 2012/02/21 02:22:54 jakllsch Exp $");
 #endif
 
 
@@ -66,6 +66,7 @@
 
        memset(&req, 0, sizeof(req));
 
+       cmdlen = MIN(cmdlen, sizeof(req.cmd));
        memcpy(req.cmd, cmd, cmdlen);
        req.cmdlen = cmdlen;
        req.databuf = data;