Commit 6ad34145 authored Mar 16, 2010 by Tilman Schmidt Committed by David S. Miller Mar 16, 2010

gigaset: correct range checking off by one error



Correct a potential array overrun due to an off by one error in the
range check on the CAPI CONNECT_REQ CIPValue parameter.
Found and reported by Dan Carpenter using smatch.

Impact: bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 7f7708f0

drivers/isdn/gigaset/capi.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1301,7 +1301,7 @@ static void do_connect_req(struct gigaset_capi_ctr *iif,
		}

		/* check parameter: CIP Value */
		if (cmsg->CIPValue > ARRAY_SIZE(cip2bchlc) \|\|
		if (cmsg->CIPValue >= ARRAY_SIZE(cip2bchlc) \|\|
		(cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)) {
		dev_notice(cs->dev, "%s: unknown CIP value %d\n",
		"CONNECT_REQ", cmsg->CIPValue);