Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 2c38850bc6136be5dc16dc3f41812b8fe4672083^! / . / metropolis
commit2c38850bc6136be5dc16dc3f41812b8fe4672083[log] [tgz]
authorJan Schär <jan@jschaer.ch>Wed Apr 10 14:48:39 2024 +0200
committerJan Schär <jan@jschaer.ch>Thu Apr 11 07:41:43 2024 +0000
tree37af76b5420b8f1ca470d0084bcc632778f6e3b5
parenta6fe4ef0b60de6749cc41fe177af381f060d4b9b [diff]
m/p/scsi: add missing length check

The same check is already present in ReadDefectDataPhysical below.

Change-Id: If03c2f725c9d6f8fa665192c8cc8662b2e629253
Reviewed-on: https://review.monogon.dev/c/monogon/+/2952
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Vouch-Run-CI: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI

diff --git a/metropolis/pkg/scsi/dev_block.go b/metropolis/pkg/scsi/dev_block.go
index 1941d83..fba0512 100644
--- a/metropolis/pkg/scsi/dev_block.go
+++ b/metropolis/pkg/scsi/dev_block.go

@@ -45,6 +45,9 @@
 	if defectListLength%8 != 0 {
 		return nil, errors.New("returned defect list not divisible by array item size")
 	}
+	if len(data) < int(defectListLength)+4 {
+		return nil, errors.New("returned defect list longer than buffer")
+	}
 	res := make([]uint64, defectListLength/8)
 	if err := binary.Read(bytes.NewReader(data[4:]), binary.BigEndian, &res); err != nil {
 		panic(err)