summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTilman Schmidt <tilman@imap.cc>2010-03-16 07:04:01 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2010-04-01 16:01:28 -0700
commitf3cfe648b427db8768a1039cfd201842ae8a4a1d (patch)
tree05eb38149d2b254fdde88b4cec91027624354c47
parent9e08fc1695862878f05d2ae12e5c8fc004ca8f70 (diff)
downloadkernel-crypto-f3cfe648b427db8768a1039cfd201842ae8a4a1d.tar.gz
kernel-crypto-f3cfe648b427db8768a1039cfd201842ae8a4a1d.tar.xz
kernel-crypto-f3cfe648b427db8768a1039cfd201842ae8a4a1d.zip
gigaset: correct range checking off by one error
commit 6ad34145cf809384359fe513481d6e16638a57a3 upstream. Correct a potential array overrun due to an off by one error in the range check on the CAPI CONNECT_REQ CIPValue parameter. Found and reported by Dan Carpenter using smatch. Impact: bugfix Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--drivers/isdn/gigaset/capi.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c
index b7f2ebb5000..6b6c25d279b 100644
--- a/drivers/isdn/gigaset/capi.c
+++ b/drivers/isdn/gigaset/capi.c
@@ -1313,7 +1313,7 @@ static void do_connect_req(struct gigaset_capi_ctr *iif,
}
/* check parameter: CIP Value */
- if (cmsg->CIPValue > ARRAY_SIZE(cip2bchlc) ||
+ if (cmsg->CIPValue >= ARRAY_SIZE(cip2bchlc) ||
(cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)) {
dev_notice(cs->dev, "%s: unknown CIP value %d\n",
"CONNECT_REQ", cmsg->CIPValue);