nvme-auth: fix off by one checks
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 18 Jul 2022 11:09:32 +0000 (14:09 +0300)
committerJens Axboe <axboe@kernel.dk>
Tue, 2 Aug 2022 23:22:48 +0000 (17:22 -0600)
The > ARRAY_SIZE() checks need to be >= ARRAY_SIZE() to prevent reading
one element beyond the end of the arrays.

Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
drivers/nvme/common/auth.c

index 94cc7ca..4b146ce 100644 (file)
@@ -55,7 +55,7 @@ static struct nvme_auth_dhgroup_map {
 
 const char *nvme_auth_dhgroup_name(u8 dhgroup_id)
 {
-       if (dhgroup_id > ARRAY_SIZE(dhgroup_map))
+       if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
                return NULL;
        return dhgroup_map[dhgroup_id].name;
 }
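Review bot: nvme_auth_dhgroup_name() has no comment saying that NULL is the result for an unknown id, and the same applies to nvme_auth_dhgroup_kpp(), nvme_auth_hmac_name() and nvme_auth_digest_name() in the following hunks. These helpers are exported (the hunk headers show the EXPORT_SYMBOL_GPL lines), and the u8 id presumably comes from the authentication negotiation with the peer, though the callers are not visible here. A short comment above each function would state the contract, for example `/* Returns NULL if dhgroup_id is not a known DH group; callers must check. */`. The map tables are defined outside these hunks; if they are filled with designated initialisers and have gaps, an in-range id can also yield NULL, and the comment should say so.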
@@ -63,7 +63,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_name);
 
 const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id)
 {
-       if (dhgroup_id > ARRAY_SIZE(dhgroup_map))
+       if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
                return NULL;
        return dhgroup_map[dhgroup_id].kpp;
 }
@@ -110,7 +110,7 @@ static struct nvme_dhchap_hash_map {
 
 const char *nvme_auth_hmac_name(u8 hmac_id)
 {
-       if (hmac_id > ARRAY_SIZE(hash_map))
+       if (hmac_id >= ARRAY_SIZE(hash_map))
                return NULL;
        return hash_map[hmac_id].hmac;
 }
@@ -118,7 +118,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_hmac_name);
 
 const char *nvme_auth_digest_name(u8 hmac_id)
 {
-       if (hmac_id > ARRAY_SIZE(hash_map))
+       if (hmac_id >= ARRAY_SIZE(hash_map))
                return NULL;
        return hash_map[hmac_id].digest;
 }
@@ -144,7 +144,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_hmac_id);
 
 size_t nvme_auth_hmac_hash_len(u8 hmac_id)
 {
-       if (hmac_id > ARRAY_SIZE(hash_map))
+       if (hmac_id >= ARRAY_SIZE(hash_map))
                return 0;
        return hash_map[hmac_id].len;
 }
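Review bot: nvme_auth_hmac_hash_len() reports an unknown hmac_id as length 0, an in-band sentinel that nothing in the function documents. A caller that passes the value straight on as a buffer size or a comparison length would then work on zero bytes instead of failing, which matters for digest handling. I would add a comment above the function such as `/* Returns 0 for an unknown hmac_id; callers must treat 0 as an error. */`. Whether the existing callers already reject 0 cannot be seen from this hunk.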