[PATCH] a100u2w: Added sanitization for pointer dereference using a value from hardware. Detected using Carburizer (http://lwn.net/Articles/479653/)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Signed-off-by: Asim Kadav <kadav@xxxxxxxxxxx>
---
 drivers/scsi/a100u2w.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/scsi/a100u2w.c b/drivers/scsi/a100u2w.c
index 0163457..c2ca15c 100644
--- a/drivers/scsi/a100u2w.c
+++ b/drivers/scsi/a100u2w.c
@@ -821,6 +821,9 @@ static irqreturn_t orc_interrupt(struct orc_host * host)
 		/* Get the SCB index of the SCB to service */
 		scb_index = inb(host->base + ORC_RQUEUE);
 
+		/* Sanitize incoming index */
+		scb_index &= 31;
+
 		/* Translate it back to a host pointer */
 		scb = (struct orc_scb *) ((unsigned long) host->scb_virt + (unsigned long) (sizeof(struct orc_scb) * scb_index));
 		scb->status = 0x0;
-- 
1.7.11.3--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux