* [PATCH] gigaset: correct range checking off by one error
@ 2010-03-16 17:04 Tilman Schmidt
2010-03-16 21:27 ` David Miller
From: Tilman Schmidt @ 2010-03-16 17:04 UTC
To: Karsten Keil, David Miller
Cc: Dan Carpenter, Hansjoerg Lipp, isdn4linux, i4ldeveloper, netdev,
linux-kernel, stable

Correct a potential array overrun due to an off by one error in the
range check on the CAPI CONNECT_REQ CIPValue parameter.

Found and reported by Dan Carpenter using smatch.

Impact: bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
---
drivers/isdn/gigaset/capi.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c
index 4a31962..0220c19 100644
--- a/drivers/isdn/gigaset/capi.c
+++ b/drivers/isdn/gigaset/capi.c
@@ -1301,7 +1301,7 @@ static void do_connect_req(struct gigaset_capi_ctr *iif,
}
/* check parameter: CIP Value */
- if (cmsg->CIPValue > ARRAY_SIZE(cip2bchlc) ||
+ if (cmsg->CIPValue >= ARRAY_SIZE(cip2bchlc) ||
(cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)) {
dev_notice(cs->dev, "%s: unknown CIP value %d\n",
"CONNECT_REQ", cmsg->CIPValue);
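Review bot: the `> 0` guard in the second condition lets CIPValue 0 through without looking at cip2bchlc[0].bc, so index 0 is accepted whatever the table holds; if that is intended, say so in the "check parameter: CIP Value" comment, because after this fix the table lookup is the only other gate on a value taken from the CONNECT_REQ message. The `>=` comparison itself is right: with `>`, a CIPValue equal to ARRAY_SIZE(cip2bchlc) passed the first test and was then used as an index one element past the end of cip2bchlc in the condition on the following line. Minor: the dev_notice format prints CIPValue with %d; if the field is an unsigned type, %u would match it.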
--
1.6.5.3.298.g39add