From f7ba8bf447d44ac6b58fa0e41e58967754881897 Mon Sep 17 00:00:00 2001
From: Maurizio Lombardi <mlombard@redhat.com>
Date: Mon, 8 May 2023 17:47:00 +0200
Subject: [PATCH] fabrics: fix potential invalid memory access in
 __nvmf_supported_option()

In __nvmf_supported_option(), len is declared as size_t (unsigned)

"len = read()" may return a negative number;
the check "if (len < 0)" will always be false and therefore
"buf[len]" will dereference an invalid memory address.

len should be declared as a signed size_t (ssize_t)

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---
 src/nvme/fabrics.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c
index f9c26fe0..cb2dd0d2 100644
--- a/src/nvme/fabrics.c
+++ b/src/nvme/fabrics.c
@@ -625,7 +625,7 @@ static  int __nvmf_supported_options(nvme_root_t r)
 {
 	char buf[0x1000], *options, *p, *v;
 	int fd, ret;
-	size_t len;
+	ssize_t len;
 
 	if (r->options)
 		return 0;