Re: [patch] [SCSI] tcm_loop: off by one in tcm_loop_make_naa_tpg()

From: Nicholas A. Bellinger
Date: Sat Apr 02 2011 - 17:09:20 EST

Next message: Carsten Emde: "Re: Linux 2.6.33.8"
Previous message: Linus Walleij: "Re: [PATCH] arm: nomadik: avoid assigning u32 to bool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2011-03-29 at 06:18 +0300, Dan Carpenter wrote:
> This is an off by one that could result in memory corruption.
>
> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
>

Hi Dan,

Apologies for the delayed response on here..

This has been included as commit fb9b35be into lio-core-2.6.git/lio-4.1
@ .39-rc1, and will get this queued to James as a 'for-39' mainline
bugfix item.

Thank you!

--nab

> diff --git a/drivers/target/loopback/tcm_loop.c b/drivers/target/loopback/tcm_loop.c
> index aed4e46..2bb5062 100644
> --- a/drivers/target/loopback/tcm_loop.c
> +++ b/drivers/target/loopback/tcm_loop.c
> @@ -1239,7 +1239,7 @@ struct se_portal_group *tcm_loop_make_naa_tpg(
> tpgt_str += 5; /* Skip ahead of "tpgt_" */
> tpgt = (unsigned short int) simple_strtoul(tpgt_str, &end_ptr, 0);
>
> - if (tpgt > TL_TPGS_PER_HBA) {
> + if (tpgt >= TL_TPGS_PER_HBA) {
> printk(KERN_ERR "Passed tpgt: %hu exceeds TL_TPGS_PER_HBA:"
> " %u\n", tpgt, TL_TPGS_PER_HBA);
> return ERR_PTR(-EINVAL);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Carsten Emde: "Re: Linux 2.6.33.8"
Previous message: Linus Walleij: "Re: [PATCH] arm: nomadik: avoid assigning u32 to bool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]