aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/scsi/gdth.c
diff options
context:
space:
mode:
authorDave Jones <davej@redhat.com>2009-10-19 19:55:13 -0400
committerJames Bottomley <James.Bottomley@suse.de>2009-11-11 12:14:21 -0500
commit690e744869f3262855b83b4fb59199cf142765b0 (patch)
treed204a5bde554ac02629af669db2362f2103c77f8 /drivers/scsi/gdth.c
parent198439e4afec431d2fa2cab9a4dcca87e5adc7a5 (diff)
[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
A negative offset could be used to index before the event buffer and lead to a security breach. Signed-off-by: Dave Jones <davej@redhat.com> Cc: Stable Tree <stable@kernel.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'drivers/scsi/gdth.c')
-rw-r--r--drivers/scsi/gdth.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 185e6bc4dd40..9e8fce0f0c1b 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
2900 eindex = handle; 2900 eindex = handle;
2901 estr->event_source = 0; 2901 estr->event_source = 0;
2902 2902
2903 if (eindex >= MAX_EVENTS) { 2903 if (eindex < 0 || eindex >= MAX_EVENTS) {
2904 spin_unlock_irqrestore(&ha->smp_lock, flags); 2904 spin_unlock_irqrestore(&ha->smp_lock, flags);
2905 return eindex; 2905 return eindex;
2906 } 2906 }