[SCSI] libfcoe: fix possible buffer overflow in fcoe_transport_show
authorYi Zou <yi.zou@intel.com>
Fri, 1 Apr 2011 23:06:25 +0000 (16:06 -0700)
committerJames Bottomley <James.Bottomley@suse.de>
Sun, 1 May 2011 15:20:45 +0000 (10:20 -0500)
possible buffer overflow in fcoe_transport_show when reaching the end of
buffer and crossing PAGE_SIZE boundary.

Signed-off-by: Yi Zou <yi.zou@intel.com>
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
drivers/scsi/fcoe/fcoe_transport.c

index ec0f395..538f299 100644 (file)
@@ -385,9 +385,9 @@ static int fcoe_transport_show(char *buffer, const struct kernel_param *kp)
        i = j = sprintf(buffer, "Attached FCoE transports:");
        mutex_lock(&ft_mutex);
        list_for_each_entry(ft, &fcoe_transports, list) {
-               i += snprintf(&buffer[i], IFNAMSIZ, "%s ", ft->name);
-               if (i >= PAGE_SIZE)
+               if (i >= PAGE_SIZE - IFNAMSIZ)
                        break;
+               i += snprintf(&buffer[i], IFNAMSIZ, "%s ", ft->name);
        }
        mutex_unlock(&ft_mutex);
        if (i == j)