[patch] USB: cxacru: fix an bounds check warning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a privileged operation so it doesn't matter much.  We use "tmp"
as an offset into an array.  If it were invalid we could read out of
bounds and trigger an oops if the memory is not mapped.  Plus it makes
static checkers complain.

Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
This changes the behavior a little bit because in the original we could
give slightly invalid "len" values and the function would still work...

Please review it extra carefully to make sure it doesn't break
userspace.

diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
index 1173f9c..0a866e9 100644
--- a/drivers/usb/atm/cxacru.c
+++ b/drivers/usb/atm/cxacru.c
@@ -476,6 +476,8 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev,
 			return -EINVAL;
 		if (index < 0 || index > 0x7f)
 			return -EINVAL;
+		if (tmp < 0 || tmp > len - pos)
+			return -EINVAL;
 		pos += tmp;
 
 		/* skip trailing newline */
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux