In qla24xx_process_purex_rdp, the function casts item->iocb to
struct purex_entry_24xx without verifying if the actual data size
(item->size) is sufficient. This can lead to an out-of-bounds read
when accessing members of the purex structure or during buffer dumps.
This patch adds a check to ensure item->size is at least the size of
struct purex_entry_24xx before processing. This aligns the function's
defensive logic with qla27xx_process_purex_fpin.

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
drivers/scsi/qla2xxx/qla_os.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 16a44c0917e1..7e2ea880ac37 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -6075,6 +6075,9 @@ void qla24xx_process_purex_rdp(struct scsi_qla_host *vha,
uint rsp_payload_length = sizeof(*rsp_payload);
int rval;
+ if (item->size < sizeof(*purex))
+ return;
+
ql_dbg(ql_dbg_init + ql_dbg_verbose, vha, 0x0180,
"%s: Enter\n", __func__);
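Review bot: the early return on `if (item->size < sizeof(*purex))` is silent, so a truncated or malformed PUREX RDP IOCB from the firmware leaves no trace, and because the check sits before the `"%s: Enter\n"` debug line the function does not even appear in a verbose trace for that event. Consider logging the observed size before returning, in the style already used on the next lines, e.g. `ql_dbg(ql_dbg_init + ql_dbg_verbose, vha, 0x0180, "%s: purex item too small (%u < %zu)\n", __func__, item->size, sizeof(*purex));` (the message id is a placeholder; pick an unused one). The check itself is correct for the structure accesses the commit message describes, provided every later dump and member access is bounded by `sizeof(*purex)` rather than by a larger length derived from the payload; worth confirming in the body below the hunk, which is not visible here.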
--
2.25.1