leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080

Browse Source 
A negative offset could be used to index before the event buffer and
lead to a security breach.

Signed-off-by: Dave Jones <davej@redhat.com>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
This commit is contained in:
Dave Jones 2009-10-19 19:55:13 -04:00 committed by James Bottomley
parent 198439e4af
commit 690e744869
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/scsi/gdth.c
View File

@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
eindex = handle;
estr->event_source = 0;
if (eindex >= MAX_EVENTS) {
if (eindex < 0 || eindex >= MAX_EVENTS) {
spin_unlock_irqrestore(&ha->smp_lock, flags);
return eindex;
}