s390/dasd: fix possible buffer overflow in copy_pair_show
authorStefan Haberland <sth@linux.ibm.com>
Wed, 23 Nov 2022 16:07:19 +0000 (17:07 +0100)
committerJens Axboe <axboe@kernel.dk>
Wed, 23 Nov 2022 17:37:37 +0000 (10:37 -0700)
dasd_copy_relation->entry[] array might be accessed out of bounds if the
loop does not break.

Fixes: a91ff09d39f9 ("s390/dasd: add copy pair setup")
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20221123160719.3002694-5-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
drivers/s390/block/dasd_devmap.c

index cb83f81da41624552a26388efccdaf61cdceb888..df17f0f9cb0fc3cb4680e9557ade922b2d18a0f8 100644 (file)
@@ -1954,7 +1954,7 @@ dasd_copy_pair_show(struct device *dev,
                        break;
                }
        }
-       if (!copy->entry[i].primary)
+       if (i == DASD_CP_ENTRIES)
                goto out;
 
        /* print all secondary */