dect
/
linux-2.6
Archived
13
0
Fork 0
Code Releases Activity

isci: possible buffer overflow in isci_parse_oem_parameters fixed 

scu_index is a parameter of isci_parse_eom_parameters and is an index
in controller table. There is a check: scu_index > SCI_MAX_CONTROLLERS
which is insufficient and should be: scu_index >= SCI_MAX_CONTROLLERS.
scu_index is used as an index in the table which size is
SCI_MAX_CONTROLLERS.

Signed-off-by: Maciej Patelczyk <maciej.patelczyk@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This commit is contained in:
Maciej Patelczyk 2011-06-21 22:03:13 +00:00 committed by Dan Williams
parent 086a0dabc5
commit 7cafbf1bd5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/scsi/isci/probe_roms.c
View File

@ -125,7 +125,7 @@ enum sci_status isci_parse_oem_parameters(union scic_oem_parameters *oem_params,
struct isci_orom *orom, int scu_index)
{
/* check for valid inputs */
if (scu_index < 0 || scu_index > SCI_MAX_CONTROLLERS ||
if (scu_index < 0 || scu_index >= SCI_MAX_CONTROLLERS ||
scu_index > orom->hdr.num_elements || !oem_params)
return -EINVAL;