From 7cafbf1bd56be44038148bb8f733ea6e6a6a2d53 Mon Sep 17 00:00:00 2001
From: Maciej Patelczyk <maciej.patelczyk@intel.com>
Date: Tue, 21 Jun 2011 22:03:13 +0000
Subject: [PATCH] isci: possible buffer overflow in isci_parse_oem_parameters
 fixed

scu_index is a parameter of isci_parse_eom_parameters and is an index
in controller table. There is a check: scu_index > SCI_MAX_CONTROLLERS
which is insufficient and should be: scu_index >= SCI_MAX_CONTROLLERS.
scu_index is used as an index in the table which size is
SCI_MAX_CONTROLLERS.

Signed-off-by: Maciej Patelczyk <maciej.patelczyk@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/scsi/isci/probe_roms.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/isci/probe_roms.c b/drivers/scsi/isci/probe_roms.c
index bc52a61..99b13c1 100644
--- a/drivers/scsi/isci/probe_roms.c
+++ b/drivers/scsi/isci/probe_roms.c
@@ -125,7 +125,7 @@ enum sci_status isci_parse_oem_parameters(union scic_oem_parameters *oem_params,
 					  struct isci_orom *orom, int scu_index)
 {
 	/* check for valid inputs */
-	if (scu_index < 0 || scu_index > SCI_MAX_CONTROLLERS ||
+	if (scu_index < 0 || scu_index >= SCI_MAX_CONTROLLERS ||
 	    scu_index > orom->hdr.num_elements || !oem_params)
 		return -EINVAL;
 
-- 
2.7.4