[PATCH] IPMI: fix issues reported by Coverity in ipmi_msghandler.c

While looking to the report by Coverity in ipmi, I came across the
following issue:

The IPMI message handler relies on two defines which are the same -one in
include/linux/ipmi.h
#define IPMI_NUM_CHANNELS 0x10
and one in drivers/char/ipmi/ipmi_msghandler.
#define IPMI_MAX_CHANNELS       16
These are used interchangeably in ipmi_msghandler.c, but since the array
addr->channels[] is of size IPMI_MAX_CHANNELS, I have made a patch that
uses IPMI_MAX_CHANNELS for all the checks for the array index.

NOTE: You could probably remove the line that defines IPMI_NUM_CHANNELS
from ipmi.h, or move IPMI_MAX_CHANNELS to ipmi.h

Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com>
Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 0097f06..d745004 100644 (file)
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -481,7 +481,7 @@ int ipmi_validate_addr(struct ipmi_addr *addr, int len)
        }
 
        if ((addr->channel == IPMI_BMC_CHANNEL)
-           || (addr->channel >= IPMI_NUM_CHANNELS)
+           || (addr->channel >= IPMI_MAX_CHANNELS)
            || (addr->channel < 0))
                return -EINVAL;
 
@@ -1321,7 +1321,7 @@ static int i_ipmi_request(ipmi_user_t          user,
                unsigned char         ipmb_seq;
                long                  seqid;
 
-               if (addr->channel >= IPMI_NUM_CHANNELS) {
+               if (addr->channel >= IPMI_MAX_CHANNELS) {
                        spin_lock_irqsave(&intf->counter_lock, flags);
                        intf->sent_invalid_commands++;
                        spin_unlock_irqrestore(&intf->counter_lock, flags);