diff options
author | Tilman Schmidt <tilman@imap.cc> | 2010-03-16 07:04:01 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-04-01 16:01:28 -0700 |
commit | f3cfe648b427db8768a1039cfd201842ae8a4a1d (patch) | |
tree | 05eb38149d2b254fdde88b4cec91027624354c47 | |
parent | 9e08fc1695862878f05d2ae12e5c8fc004ca8f70 (diff) | |
download | kernel-crypto-f3cfe648b427db8768a1039cfd201842ae8a4a1d.tar.gz kernel-crypto-f3cfe648b427db8768a1039cfd201842ae8a4a1d.tar.xz kernel-crypto-f3cfe648b427db8768a1039cfd201842ae8a4a1d.zip |
gigaset: correct range checking off by one error
commit 6ad34145cf809384359fe513481d6e16638a57a3 upstream.
Correct a potential array overrun due to an off by one error in the
range check on the CAPI CONNECT_REQ CIPValue parameter.
Found and reported by Dan Carpenter using smatch.
Impact: bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | drivers/isdn/gigaset/capi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c index b7f2ebb5000..6b6c25d279b 100644 --- a/drivers/isdn/gigaset/capi.c +++ b/drivers/isdn/gigaset/capi.c @@ -1313,7 +1313,7 @@ static void do_connect_req(struct gigaset_capi_ctr *iif, } /* check parameter: CIP Value */ - if (cmsg->CIPValue > ARRAY_SIZE(cip2bchlc) || + if (cmsg->CIPValue >= ARRAY_SIZE(cip2bchlc) || (cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)) { dev_notice(cs->dev, "%s: unknown CIP value %d\n", "CONNECT_REQ", cmsg->CIPValue); |