diff options
author | Dave Jones <davej@redhat.com> | 2009-10-19 19:55:13 -0400 |
---|---|---|
committer | James Bottomley <James.Bottomley@suse.de> | 2009-11-11 12:14:21 -0500 |
commit | 690e744869f3262855b83b4fb59199cf142765b0 (patch) | |
tree | d204a5bde554ac02629af669db2362f2103c77f8 /drivers/scsi/gdth.c | |
parent | 198439e4afec431d2fa2cab9a4dcca87e5adc7a5 (diff) |
[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
A negative offset could be used to index before the event buffer and
lead to a security breach.
Signed-off-by: Dave Jones <davej@redhat.com>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'drivers/scsi/gdth.c')
-rw-r--r-- | drivers/scsi/gdth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 185e6bc4dd40..9e8fce0f0c1b 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c | |||
@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr) | |||
2900 | eindex = handle; | 2900 | eindex = handle; |
2901 | estr->event_source = 0; | 2901 | estr->event_source = 0; |
2902 | 2902 | ||
2903 | if (eindex >= MAX_EVENTS) { | 2903 | if (eindex < 0 || eindex >= MAX_EVENTS) { |
2904 | spin_unlock_irqrestore(&ha->smp_lock, flags); | 2904 | spin_unlock_irqrestore(&ha->smp_lock, flags); |
2905 | return eindex; | 2905 | return eindex; |
2906 | } | 2906 | } |