gigaset: correct range checking off by one error
Correct a potential array overrun due to an off by one error in the
range check on the CAPI CONNECT_REQ CIPValue parameter.
Found and reported by Dan Carpenter using smatch.

Impact: bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Tilman Schmidt authored and David S. Miller committed Mar 16, 2010
1 parent 7f7708f commit 6ad3414
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/isdn/gigaset/capi.c
Expand Up @@ -1301,7 +1301,7 @@ static void do_connect_req(struct gigaset_capi_ctr *iif,
}

/* check parameter: CIP Value */
if (cmsg->CIPValue > ARRAY_SIZE(cip2bchlc) ||
if (cmsg->CIPValue >= ARRAY_SIZE(cip2bchlc) ||
(cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)) {
dev_notice(cs->dev, "%s: unknown CIP value %d\n",
"CONNECT_REQ", cmsg->CIPValue);
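
Review bot: The exemption for index 0 in `(cmsg->CIPValue > 0 && cip2bchlc[cmsg->CIPValue].bc == NULL)` is undocumented: a CIPValue of 0 skips the table-entry check entirely, and the `/* check parameter: CIP Value */` comment does not say why, so a one-line comment on that case would help the next reader. The `>=` bound itself is right, since ARRAY_SIZE(cip2bchlc) is one past the last valid index and the old `>` let exactly that value through to the `cip2bchlc[cmsg->CIPValue].bc` read in the second operand. The fix depends on `||` short-circuiting so that the lookup only runs after the bound check; that ordering should be kept if this condition is ever restructured. The commit message could also state that the overrun is this one-element out-of-bounds read driven by a value from the CONNECT_REQ message, and it is worth confirming that no other index into cip2bchlc (none is visible in this hunk) relies on the same `>` comparison.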