forked from luck/tmp_suning_uos_patched
[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
A negative offset could be used to index before the event buffer and lead to a security breach. Signed-off-by: Dave Jones <davej@redhat.com> Cc: Stable Tree <stable@kernel.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
This commit is contained in:
parent
198439e4af
commit
690e744869
|
@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
|
||||||
eindex = handle;
|
eindex = handle;
|
||||||
estr->event_source = 0;
|
estr->event_source = 0;
|
||||||
|
|
||||||
if (eindex >= MAX_EVENTS) {
|
if (eindex < 0 || eindex >= MAX_EVENTS) {
|
||||||
spin_unlock_irqrestore(&ha->smp_lock, flags);
|
spin_unlock_irqrestore(&ha->smp_lock, flags);
|
||||||
return eindex;
|
return eindex;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user