[PATCH] scsi: fcoe: sanity check string size for store_ctrl_mode option

From: Colin King
Date: Wed Mar 22 2017 - 10:02:32 EST

Next message: David Woodhouse: "Re: [PATCH 17/17] arm64: Do not expose PCI mmap through procfs"
Previous message: Joel Stanley: "[PATCH] ipmi: bt-bmc: Add ast2500 compatible string"
Next in thread: Dan Carpenter: "Re: [PATCH] scsi: fcoe: sanity check string size for store_ctrl_mode option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

Reading and writing to mode[count - 1] implies the count should not
be less than 1 so add a sanity check for this.

Detected with CoverityScan, CID#1357345 ("Overflowed array index write")

Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
drivers/scsi/fcoe/fcoe_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
index 9cf3d56296ab..e298240c728c 100644
--- a/drivers/scsi/fcoe/fcoe_sysfs.c
+++ b/drivers/scsi/fcoe/fcoe_sysfs.c
@@ -288,7 +288,7 @@ static ssize_t store_ctlr_mode(struct device *dev,
struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev);
char mode[FCOE_MAX_MODENAME_LEN + 1];

- if (count > FCOE_MAX_MODENAME_LEN)
+ if (count < 1 || count > FCOE_MAX_MODENAME_LEN)
return -EINVAL;

strncpy(mode, buf, count);
--
2.11.0

Next message: David Woodhouse: "Re: [PATCH 17/17] arm64: Do not expose PCI mmap through procfs"
Previous message: Joel Stanley: "[PATCH] ipmi: bt-bmc: Add ast2500 compatible string"
Next in thread: Dan Carpenter: "Re: [PATCH] scsi: fcoe: sanity check string size for store_ctrl_mode option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]