linux-hardened/drivers/char/ipmi
KAMBAROV, ZAUR 9c101fd439 [PATCH] coverity: ipmi_msghandler() channels array overrun fix
We fix the check in 1084, which was

1084 			if (addr->channel > IPMI_NUM_CHANNELS) {
1085 				spin_lock_irqsave(&intf->counter_lock, flags);
1086 				intf->sent_invalid_commands++;
1087 				spin_unlock_irqrestore(&intf->counter_lock, flags);
1088 				rv = -EINVAL;
1089 				goto out_err;
1090 			}

addr->channel is used in

1092 			if (intf->channels[addr->channel].medium

Definitions involved:

221  		struct ipmi_channel channels[IPMI_MAX_CHANNELS];

134  	#define IPMI_MAX_CHANNELS       8

In /linux-2.6.12-rc6/include/linux/ipmi.h
148  	#define IPMI_NUM_CHANNELS 0x10

Signed-off-by: Zaur Kambarov <zkambarov@coverity.com>
Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-28 21:20:33 -07:00
..
ipmi_bt_sm.c [PATCH] ipmi: enable interrupts on the BT driver 2005-05-01 08:59:11 -07:00
ipmi_devintf.c [PATCH] ipmi: add 32-bit ioctl translations for 64-bit platforms 2005-06-24 00:05:24 -07:00
ipmi_kcs_sm.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipmi_msghandler.c [PATCH] coverity: ipmi_msghandler() channels array overrun fix 2005-06-28 21:20:33 -07:00
ipmi_poweroff.c [PATCH] ipmi: use completions, not semaphores, in powerdown code 2005-06-24 00:05:23 -07:00
ipmi_si_intf.c [PATCH] ipmi iomem annotations and fixes 2005-05-04 07:33:15 -07:00
ipmi_si_sm.h [PATCH] ipmi iomem annotations and fixes 2005-05-04 07:33:15 -07:00
ipmi_smic_sm.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipmi_watchdog.c [PATCH] ipmi: fix watchdog so the device can be reopened on an unexpected close 2005-05-01 08:59:11 -07:00
Kconfig Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00