From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Reading and writing to mode[count - 1] implies the count should not
be less than 1 so add a sanity check for this.
Detected with CoverityScan, CID#1357345 ("Overflowed array index write")
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
drivers/scsi/fcoe/fcoe_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
index 9cf3d56296ab..e298240c728c 100644
--- a/drivers/scsi/fcoe/fcoe_sysfs.c
+++ b/drivers/scsi/fcoe/fcoe_sysfs.c
@@ -288,7 +288,7 @@ static ssize_t store_ctlr_mode(struct device *dev,
struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev);
char mode[FCOE_MAX_MODENAME_LEN + 1];
- if (count > FCOE_MAX_MODENAME_LEN)
+ if (count < 1 || count > FCOE_MAX_MODENAME_LEN)
return -EINVAL;
strncpy(mode, buf, count);
--
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
