Commit 7cafbf1b authored Jun 21, 2011 by Maciej Patelczyk Committed by Dan Williams Jul 03, 2011

isci: possible buffer overflow in isci_parse_oem_parameters fixed



scu_index is a parameter of isci_parse_eom_parameters and is an index
in controller table. There is a check: scu_index > SCI_MAX_CONTROLLERS
which is insufficient and should be: scu_index >= SCI_MAX_CONTROLLERS.
scu_index is used as an index in the table which size is
SCI_MAX_CONTROLLERS.

Signed-off-by: Maciej Patelczyk <maciej.patelczyk@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

parent 086a0dab

drivers/scsi/isci/probe_roms.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -125,7 +125,7 @@ enum sci_status isci_parse_oem_parameters(union scic_oem_parameters *oem_params,
		struct isci_orom *orom, int scu_index)
		{
		/* check for valid inputs */
		if (scu_index < 0 \|\| scu_index > SCI_MAX_CONTROLLERS \|\|
		if (scu_index < 0 \|\| scu_index >= SCI_MAX_CONTROLLERS \|\|
		scu_index > orom->hdr.num_elements \|\| !oem_params)
		return -EINVAL;