projects / platform / upstream / kernel-adaptation-pc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 198439e)
[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
authorDave Jones <davej@redhat.com>
Mon, 19 Oct 2009 23:55:13 +0000 (19:55 -0400)
committerJames Bottomley <James.Bottomley@suse.de>
Wed, 11 Nov 2009 17:14:21 +0000 (12:14 -0500)
A negative offset could be used to index before the event buffer and
lead to a security breach.

Signed-off-by: Dave Jones <davej@redhat.com>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
drivers/scsi/gdth.c patch | blob | history

diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 185e6bc..9e8fce0 100644 (file)
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
         eindex = handle;
     estr->event_source = 0;
 
-    if (eindex >= MAX_EVENTS) {
+    if (eindex < 0 || eindex >= MAX_EVENTS) {
         spin_unlock_irqrestore(&ha->smp_lock, flags);
         return eindex;
     }
Domain: System / Uncategorized;