[PATCH] coverity: ipmi_msghandler() channels array overrun fix
We fix the check in 1084, which was 1084 if (addr->channel > IPMI_NUM_CHANNELS) { 1085 spin_lock_irqsave(&intf->counter_lock, flags); 1086 intf->sent_invalid_commands++; 1087 spin_unlock_irqrestore(&intf->counter_lock, flags); 1088 rv = -EINVAL; 1089 goto out_err; 1090 } addr->channel is used in 1092 if (intf->channels[addr->channel].medium Definitions involved: 221 struct ipmi_channel channels[IPMI_MAX_CHANNELS]; 134 #define IPMI_MAX_CHANNELS 8 In /linux-2.6.12-rc6/include/linux/ipmi.h 148 #define IPMI_NUM_CHANNELS 0x10 Signed-off-by: Zaur Kambarov <zkambarov@coverity.com> Cc: Corey Minyard <minyard@acm.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
a77e3362a2
commit
9c101fd439
1 changed files with 2 additions and 2 deletions
|
@ -1088,8 +1088,8 @@ static inline int i_ipmi_request(ipmi_user_t user,
|
|||
long seqid;
|
||||
int broadcast = 0;
|
||||
|
||||
if (addr->channel > IPMI_NUM_CHANNELS) {
|
||||
spin_lock_irqsave(&intf->counter_lock, flags);
|
||||
if (addr->channel >= IPMI_MAX_CHANNELS) {
|
||||
spin_lock_irqsave(&intf->counter_lock, flags);
|
||||
intf->sent_invalid_commands++;
|
||||
spin_unlock_irqrestore(&intf->counter_lock, flags);
|
||||
rv = -EINVAL;
|
||||
|
|
Loading…
Reference in a new issue