Re: [PATCH] enclosure: fix oops while iterating enclosure_statusarray
From: James Bottomley
Date: Fri Nov 20 2009 - 16:43:27 EST
*really* (promise) adding linux-scsi to the cc list this time.
Patch looks fine to me, though, thanks.
James
On Thu, 2009-11-19 at 19:23 -0500, Jeff Mahoney wrote:
> enclosure_status is expected to be a NULL terminated array of strings
> but isn't actually NULL terminated. When writing an invalid value to
> /sys/class/enclosure/.../.../status, it goes off the end of the array
> and Oopses.
>
> This patch uses the array size instead.
>
> Reported-by: Artur Wojcik <artur.wojcik@xxxxxxxxx>
> Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx>
> ---
> drivers/misc/enclosure.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> --- a/drivers/misc/enclosure.c
> +++ b/drivers/misc/enclosure.c
> @@ -412,8 +412,9 @@ static ssize_t set_component_status(stru
> struct enclosure_component *ecomp = to_enclosure_component(cdev);
> int i;
>
> - for (i = 0; enclosure_status[i]; i++) {
> - if (strncmp(buf, enclosure_status[i],
> + for (i = 0; i < ARRAY_SIZE(enclosure_status); i++) {
> + if (enclosure_status[i] &&
> + strncmp(buf, enclosure_status[i],
> strlen(enclosure_status[i])) == 0 &&
> (buf[strlen(enclosure_status[i])] == '\n' ||
> buf[strlen(enclosure_status[i])] == '\0'))
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/