scsi: target: sbp: Potential integer overflow in sbp_make_tpg()

The variable tpgt in sbp_make_tpg() is defined as unsigned long and is
assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an
integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't
tried to trigger it myself, but it is possible to trigger it by calling
sbp_make_tpg() with a large value for tpgt.

Modify the type of tpgt to match tpgt->tport_tpgt and adjusted the
relevant code accordingly.

This patch is similar to commit 59c816c1f24d ("vhost/scsi: potential
memory corruption").

Signed-off-by: ReBeating <rebeating@163.com>
Link: https://patch.msgid.link/20251226031936.852-1-rebeating@163.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

0 files changed, 0 insertions, 0 deletions