Re: [PATCH] snic: correctly check for array overrun on overly long version number

From: Martin K. Petersen
Date: Tue Mar 01 2016 - 20:10:02 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 111/342] rtlwifi: rtl8188ee: Fix module parameter initialization"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 091/342] Btrfs: fix number of transaction units required to create symlink"
In reply to: Ewan Milne: "Re: [PATCH] snic: correctly check for array overrun on overly long version number"
Next in thread: Narsimhulu Musini (nmusini): "Re: [PATCH] snic: correctly check for array overrun on overly long version number"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> "Colin" == Colin King <colin.king@xxxxxxxxxxxxx> writes:

Colin> The snic version number is expected to be 4 decimals in the form
Colin> like a netmask string with each number stored in an element in
Colin> array v. However, there is an off-by-one check on the number of
Colin> elements in v allowing one to pass a 5 decimal version number
Colin> causing v[4] to be referenced, causing a buffer overrun. Fix the
Colin> off-by-one error by comparing to i > 3 rather than 4.

Applied to 4.6/scsi-queue.

--
Martin K. Petersen Oracle Linux Engineering

Next message: Greg Kroah-Hartman: "[PATCH 4.4 111/342] rtlwifi: rtl8188ee: Fix module parameter initialization"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 091/342] Btrfs: fix number of transaction units required to create symlink"
In reply to: Ewan Milne: "Re: [PATCH] snic: correctly check for array overrun on overly long version number"
Next in thread: Narsimhulu Musini (nmusini): "Re: [PATCH] snic: correctly check for array overrun on overly long version number"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]