aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/isdn
diff options
context:
space:
mode:
authorTilman Schmidt <tilman@imap.cc>2010-03-16 03:04:01 -0400
committerDavid S. Miller <davem@davemloft.net>2010-03-16 17:15:41 -0400
commit6ad34145cf809384359fe513481d6e16638a57a3 (patch)
tree33e57286febf0bfbbc8c276f2858de9327b8516f /drivers/isdn
parent7f7708f0055e49e331f267700aa8b2ee879f004c (diff)
gigaset: correct range checking off by one error
Correct a potential array overrun due to an off by one error in the range check on the CAPI CONNECT_REQ CIPValue parameter. Found and reported by Dan Carpenter using smatch. Impact: bugfix Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/isdn')
-rw-r--r--drivers/isdn/gigaset/capi.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c
index 4a31962ddf71..0220c19351d9 100644
--- a/drivers/isdn/gigaset/capi.c
+++ b/drivers/isdn/gigaset/capi.c
@@ -1301,7 +1301,7 @@ static void do_connect_req(struct gigaset_capi_ctr *iif,
1301 } 1301 }
1302 1302
1303 /* check parameter: CIP Value */ 1303 /* check parameter: CIP Value */
1304 if (cmsg->CIPValue > ARRAY_SIZE(cip2bchlc) || 1304 if (cmsg->CIPValue >= ARRAY_SIZE(cip2bchlc) ||
1305 (cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)) { 1305 (cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)) {
1306 dev_notice(cs->dev, "%s: unknown CIP value %d\n", 1306 dev_notice(cs->dev, "%s: unknown CIP value %d\n",
1307 "CONNECT_REQ", cmsg->CIPValue); 1307 "CONNECT_REQ", cmsg->CIPValue);