The call to strchr in our counter initialization does not check the return
value before attempting to use the pointer. In theory this should not
happen given the way the code is structured but do the smart thing and
check the value anyway to harden the code.
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@xxxxxxxxx>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@xxxxxxxxx>
---
drivers/infiniband/hw/hfi1/verbs.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/verbs.c b/drivers/infiniband/hw/hfi1/verbs.c
index 6d27c85..2487190 100644
--- a/drivers/infiniband/hw/hfi1/verbs.c
+++ b/drivers/infiniband/hw/hfi1/verbs.c
@@ -1733,6 +1733,12 @@ static int init_cntr_names(const char *names_in,
for (i = 0; i < n; i++) {
q[i] = p;
p = strchr(p, '\n');
+ if (!p) {
+ *num_cntrs = 0;
+ *cntr_names = NULL;
+ kfree(names_out);
+ return -EINVAL;
+ }
*p++ = '\0';
}
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
