diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c index b2cd31c15f..a77c10ce9e 100644 --- a/hw/s390x/s390-pci-bus.c +++ b/hw/s390x/s390-pci-bus.c @@ -113,6 +113,11 @@ void s390_pci_sclp_configure(SCCB *sccb) S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid)); uint16_t rc; + if (be16_to_cpu(sccb->h.length) < 16) { + rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH; + goto out; + } + if (pbdev) { if (pbdev->configured) { rc = SCLP_RC_NO_ACTION_REQUIRED; @@ -124,7 +129,7 @@ void s390_pci_sclp_configure(SCCB *sccb) DPRINTF("sclp config no dev found\n"); rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED; } - +out: psccb->header.response_code = cpu_to_be16(rc); } @@ -134,6 +139,11 @@ void s390_pci_sclp_deconfigure(SCCB *sccb) S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid)); uint16_t rc; + if (be16_to_cpu(sccb->h.length) < 16) { + rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH; + goto out; + } + if (pbdev) { if (!pbdev->configured) { rc = SCLP_RC_NO_ACTION_REQUIRED; @@ -151,7 +161,7 @@ void s390_pci_sclp_deconfigure(SCCB *sccb) DPRINTF("sclp deconfig no dev found\n"); rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED; } - +out: psccb->header.response_code = cpu_to_be16(rc); }