isci: possible buffer overflow in isci_parse_oem_parameters fixed

scu_index is a parameter of isci_parse_eom_parameters and is an index in controller table. There is a check: scu_index > SCI_MAX_CONTROLLERS which is insufficient and should be: scu_index >= SCI_MAX_CONTROLLERS. scu_index is used as an index in the table which size is SCI_MAX_CONTROLLERS. Signed-off-by: N Maciej Patelczyk <maciej.patelczyk@intel.com> Signed-off-by: N Dan Williams <dan.j.williams@intel.com>

isci: possible buffer overflow in isci_parse_oem_parameters fixed
scu_index is a parameter of isci_parse_eom_parameters and is an index in controller table. There is a check: scu_index > SCI_MAX_CONTROLLERS which is insufficient and should be: scu_index >= SCI_MAX_CONTROLLERS. scu_index is used as an index in the table which size is SCI_MAX_CONTROLLERS. Signed-off-by: N Maciej Patelczyk <maciej.patelczyk@intel.com> Signed-off-by: N Dan Williams <dan.j.williams@intel.com>
7cafbf1b · Maciej Patelczyk · Dan Williams · 086a0dab · 7cafbf1b
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/scsi/isci/probe_roms.c drivers/scsi/isci/probe_roms.c +1 -1

未找到文件。
--- a/drivers/scsi/isci/probe_roms.c
+++ b/drivers/scsi/isci/probe_roms.c
@@ -125,7 +125,7 @@ enum sci_status isci_parse_oem_parameters(union scic_oem_parameters *oem_params,
 					  struct isci_orom *orom, int scu_index)
 {
 	/* check for valid inputs */
-	if (scu_index < 0 || scu_index > SCI_MAX_CONTROLLERS ||
+	if (scu_index < 0 || scu_index >= SCI_MAX_CONTROLLERS ||
 	    scu_index > orom->hdr.num_elements || !oem_params)
 		return -EINVAL;