From 02b9b01fa118dbca3d0053ed5a8fba785d4f2974 Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Mon, 19 Oct 2020 14:37:13 +0200
Subject: [PATCH] lib: check length for sense key specific sense data
 descriptors

Explicitly check that the sense data descriptor ADDITIONAL LENGTH field
matches the expected value for sense key specific sense data
descriptors.

Signed-off-by: David Disseldorp <ddiss@suse.de>
---
 lib/iscsi-command.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/iscsi-command.c b/lib/iscsi-command.c
index ba4bc44..a45b8dd 100644
--- a/lib/iscsi-command.c
+++ b/lib/iscsi-command.c
@@ -326,12 +326,14 @@ static void parse_sense_descriptors(struct scsi_sense *sense, const uint8_t *sb,
 	const unsigned char *p, *const end = sb + sb_len;
 
 	for (p = sb; p < end; p += p[1]) {
-		if (p[1] < 4) /* length */
+		uint8_t addl_len = p[1];
+		if (addl_len < 4)
 			break;
 		switch (p[0]) {
 		case 2:
 			/* Sense key specific sense data descriptor */
-			parse_sense_spec(sense, p + 4);
+			if (addl_len == 0x06)
+				parse_sense_spec(sense, p + 4);
 			break;
 		}
 	}