#27 Buffer overflow with immediate data

open
nobody
None
5
2014-07-31
2008-11-16
No

If the initiator sends immediate data that is larger than CONFIG_TARGET_MAX_IMMEDIATE, it will overflow the target_cmd_t buffer. This can easily occur with the default values since the target will negotiate a FirstBurstLength up to 1MB, but the immediate buffer is only 65K. The default size of the immediate buffer needs to be increased, or dynamically allocated. Also, range checking should be added to prevent buffer overflow when writing to the immediate buffer.
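The range check and the negotiation clamp the report asks for could look like the following. This is an added example, not code from the project: `struct cmd_buf`, `IMMEDIATE_BUF_SIZE` (standing in for CONFIG_TARGET_MAX_IMMEDIATE, value assumed), and all function names are hypothetical, and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IMMEDIATE_BUF_SIZE 65536u   /* assumed stand-in for CONFIG_TARGET_MAX_IMMEDIATE */

struct cmd_buf {                    /* hypothetical; not the project's target_cmd_t */
    uint8_t  immediate[IMMEDIATE_BUF_SIZE];
    uint32_t immediate_len;
};

enum imm_status { IMM_OK = 0, IMM_TOO_LARGE = -1, IMM_SHORT_PDU = -2 };

/* iSCSI BHS: DataSegmentLength is a 24-bit big-endian field in bytes 5..7. */
static uint32_t bhs_data_segment_length(const uint8_t *bhs)
{
    return ((uint32_t)bhs[5] << 16) | ((uint32_t)bhs[6] << 8) | bhs[7];
}

/* FirstBurstLength negotiates to the minimum of both sides; additionally cap
 * it at the immediate buffer so the target never agrees to more than it can hold. */
static uint32_t negotiate_first_burst(uint32_t initiator_value, uint32_t target_max)
{
    uint32_t v = initiator_value < target_max ? initiator_value : target_max;
    return v < IMMEDIATE_BUF_SIZE ? v : IMMEDIATE_BUF_SIZE;
}

/* Copy immediate data only after checking the wire length against both the
 * destination buffer and the bytes actually received. The negotiated value is
 * not trusted here: a peer can ignore it, so the copy is always bounded. */
static int store_immediate(struct cmd_buf *cmd, const uint8_t *bhs,
                           const uint8_t *data, size_t avail)
{
    uint32_t len = bhs_data_segment_length(bhs);
    if (len > sizeof cmd->immediate) return IMM_TOO_LARGE;  /* would overflow */
    if (len > avail)                 return IMM_SHORT_PDU;  /* would over-read */
    memcpy(cmd->immediate, data, len);
    cmd->immediate_len = len;
    return IMM_OK;
}

int main(void)
{
    static struct cmd_buf cmd;
    uint8_t bhs[48] = {0}, payload[16] = {0};   /* constructed sample PDU */
    bhs[5] = 0x10;                              /* claims 1 MiB of immediate data */
    printf("1 MiB claim -> %d\n", store_immediate(&cmd, bhs, payload, sizeof payload));
    printf("clamped FirstBurstLength = %u\n", negotiate_first_burst(1048576u, 1048576u));
    return 0;
}
```
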

Discussion

