The function simple_strtoul performs no error checking in scenarios where the input value overflows the intended output variable. We can replace the use of the simple_strtoul with the safer alternatives kstrtoul. For fail case, we also print the extra message. Signed-off-by: Hongbo Li <lihongbo22@xxxxxxxxxx> --- drivers/scsi/qla2xxx/qla_dfs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/qla2xxx/qla_dfs.c b/drivers/scsi/qla2xxx/qla_dfs.c index a1545dad0c0c..e92d4e43bdf5 100644 --- a/drivers/scsi/qla2xxx/qla_dfs.c +++ b/drivers/scsi/qla2xxx/qla_dfs.c @@ -598,7 +598,12 @@ qla_dfs_naqp_write(struct file *file, const char __user *buffer, return PTR_ERR(buf); } - num_act_qp = simple_strtoul(buf, NULL, 0); + if (kstrtoul(buf, 0, &num_act_qp)) { + pr_err("host:%ld: fail to parse user buffer into number.", + vha->host_no); + rc = -EINVAL; + goto out_free; + } if (num_act_qp >= vha->hw->max_qpairs) { pr_err("User set invalid number of qpairs %lu. Max = %d", -- 2.34.1
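Review bot: in the added `if (kstrtoul(buf, 0, &num_act_qp))` block of qla_dfs_naqp_write(), the error code returned by kstrtoul is discarded and replaced with a hard-coded -EINVAL. kstrtoul returns -ERANGE on overflow, which is the case the commit message is about, so userspace can no longer tell overflow from a malformed string. Suggest assigning the result first, `rc = kstrtoul(buf, 0, &num_act_qp);`, then `if (rc) { ... goto out_free; }`, so the real error propagates. Two smaller points on the same block: the new pr_err format string has no trailing `\n`, so the message may be merged with the next log line; and kstrtoul is stricter than simple_strtoul, since it rejects any trailing characters other than a single newline. Writes that previously parsed as a leading number followed by other text will now fail, which is worth stating in the commit message. Please also confirm that the `out_free` label frees `buf` on this new path, since the label itself is outside the lines shown.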