linux/drivers
Jesper Juhl a0a74e4505 [SCSI] lpfc: fix potential overflow of hbqs array
The Coverity checker noticed that we may overrun a statically allocated
array in drivers/scsi/lpfc/lpfc_sli.c::lpfc_sli_hbqbuf_find().

The case is this: in 'struct lpfc_hba' we have

	#define LPFC_MAX_HBQS  4
	...
	struct lpfc_hba {
		...
		struct hbq_s hbqs[LPFC_MAX_HBQS];
		...
	};

But then in lpfc_sli_hbqbuf_find() we have this code

	hbqno = tag >> 16;
	if (hbqno > LPFC_MAX_HBQS)
		return NULL;

if 'hbqno' ends up as exactly 4, then we won't return, and then this

	list_for_each_entry(d_buf, &phba->hbqs[hbqno].hbq_buffer_list, list) {

will cause an overflow of the statically allocated array at index 4,
since the valid indices are only 0-3.

I propose this patch, that simply changes the 'hbqno > LPFC_MAX_HBQS'
into 'hbqno >= LPFC_MAX_HBQS' as a possible fix.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Acked-by: James Smart <James.Smart@Emulex.Com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-10-12 14:40:03 -04:00
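
The off-by-one described in the commit message above, modelled in user space as an added example; it is not code from the commit or from the lpfc driver. The `model_*` names, `BUFS_PER_HBQ`, and the use of the low 16 bits of the tag as a slot number are assumptions made for the model; only `LPFC_MAX_HBQS`, `tag >> 16` and the two comparisons come from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LPFC_MAX_HBQS 4   /* value quoted in the commit message */
#define BUFS_PER_HBQ  2   /* assumption: small fixed pool per queue */

struct model_buf { uint32_t tag; };
struct model_hbq { struct model_buf bufs[BUFS_PER_HBQ]; };
struct model_hba { struct model_hbq hbqs[LPFC_MAX_HBQS]; };

/* Pre-patch test: 1 if the index is let through to the array access. */
static int old_check_accepts(uint32_t tag)
{
	return !((tag >> 16) > LPFC_MAX_HBQS);
}

/* Post-patch test: rejects every index outside 0..LPFC_MAX_HBQS-1. */
static int new_check_accepts(uint32_t tag)
{
	return !((tag >> 16) >= LPFC_MAX_HBQS);
}

/* Encode the queue number in the top 16 bits of each constructed tag. */
static void model_init(struct model_hba *hba)
{
	for (uint32_t q = 0; q < LPFC_MAX_HBQS; q++)
		for (uint32_t i = 0; i < BUFS_PER_HBQ; i++)
			hba->hbqs[q].bufs[i].tag = (q << 16) | i;
}

/* Lookup with the corrected bound; never indexes past hbqs[3]. */
static struct model_buf *model_hbqbuf_find(struct model_hba *hba, uint32_t tag)
{
	uint32_t hbqno = tag >> 16;

	if (hbqno >= LPFC_MAX_HBQS)
		return NULL;
	for (size_t i = 0; i < BUFS_PER_HBQ; i++)
		if (hba->hbqs[hbqno].bufs[i].tag == tag)
			return &hba->hbqs[hbqno].bufs[i];
	return NULL;
}

int main(void)
{
	struct model_hba hba;

	model_init(&hba);
	for (uint32_t q = 3; q <= 5; q++)   /* boundary values around the array size */
		printf("hbqno=%u old=%d new=%d found=%d\n", (unsigned)q,
		       old_check_accepts(q << 16), new_check_accepts(q << 16),
		       model_hbqbuf_find(&hba, q << 16) != NULL);
	return 0;
}
```

Only the boundary value 4 separates the two checks: both accept 3 and both reject 5, which is why a test that exercises only clearly valid and clearly invalid tags does not catch this class of bug.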
..
acorn/char Remove the arm26 port 2007-07-31 15:39:39 -07:00
acpi ACPI: EC: Fix "no battery" regression 2007-08-14 01:03:42 -04:00
amba
ata [ARM] pata_icside: fix the FIXMEs 2007-08-06 16:10:54 +01:00
atm [ATM] drivers/atm/iphase.c: mostly kmalloc + memset conversion to kzalloc 2007-08-13 22:52:13 -07:00
auxdisplay Use menuconfig objects II - auxdisplay 2007-07-16 09:05:40 -07:00
base CPU online file permission 2007-07-31 15:39:39 -07:00
block sysace: HDIO_GETGEO has it's own method for ages 2007-08-11 22:34:48 +02:00
bluetooth [Bluetooth] Remove the redundant non-seekable llseek method 2007-07-11 06:53:45 +02:00
cdrom [BLOCK] Get rid of request_queue_t typedef 2007-07-24 09:28:11 +02:00
char pull asus sony thinkpad into release branch 2007-08-12 00:17:12 -04:00
clocksource x86_64: fix typo in acpi_pm.c 2007-07-21 18:37:12 -07:00
connector Use menuconfig objects: connector 2007-07-16 09:05:40 -07:00
cpufreq [CPUFREQ] Restore previously used governor on a hot-replugged CPU 2007-07-13 01:29:51 -04:00
crypto Use menuconfig objects: crypto hw 2007-07-16 09:05:40 -07:00
dio
dma [NET_DMA]: remove unused dma_memcpy_to_kernel_iovec 2007-07-31 02:28:03 -07:00
edac drivers/edac: fix pasemi kconfig depends 2007-07-26 11:35:18 -07:00
eisa
fc4 [SCSI] fc4: convert to use the data buffer accessors 2007-10-12 14:40:00 -04:00
firewire firewire: fw-core: make two variables static 2007-08-02 20:34:17 +02:00
firmware edd: switch to pci_get based API 2007-07-16 09:05:42 -07:00
hid HID: Never call hid_free_buffers() when usbhid_device has been freed 2007-08-02 13:48:04 +02:00
hwmon hwmon: fscher read control bugfix 2007-07-30 21:14:00 -04:00
i2c i2c-s3c2410: Build fix 2007-08-14 18:37:15 +02:00
ide scc_pata: PIO fixes 2007-08-01 23:46:46 +02:00
ieee1394 ieee1394: sbp2: more correct Kconfig dependencies 2007-08-02 20:34:16 +02:00
infiniband [SCSI] transport_srp: add rport roles attribute 2007-10-12 14:37:46 -04:00
input [MIPS] Fixup secure computing stuff. 2007-07-31 21:35:21 +01:00
isdn Remove 'isdn_* is defined but unused' warnings 2007-07-31 15:39:44 -07:00
kvm KVM: x86 emulator: fix debug reg mov instructions 2007-08-06 17:54:41 -07:00
leds leds: Convert from struct class_device to struct device 2007-07-16 01:15:51 +01:00
lguest i386: Make patching more robust, fix paravirt issue 2007-08-11 15:58:13 -07:00
macintosh [POWERPC] Clean up duplicate includes in drivers/macintosh/ 2007-07-22 21:31:00 +10:00
mca
md Fix remap handling by blktrace 2007-08-11 22:34:48 +02:00
media V4L/DVB (5939): dvb-pll: make struct dvb_pll_fcv1236d static 2007-07-30 16:26:37 -03:00
message Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2007-08-06 17:48:34 -07:00
mfd some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
misc pull asus sony thinkpad into release branch 2007-08-12 00:17:12 -04:00
mmc mmc: at91_mci: remove whitespace at the end of lines 2007-08-09 16:13:44 +02:00
mtd mtdchar build fix 2007-08-11 15:47:41 -07:00
net Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2007-08-14 09:31:19 -07:00
nubus some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
of Create drivers/of/platform.c 2007-07-20 14:25:51 +10:00
oprofile [CELL] oprofile: add support to OProfile for profiling CELL BE SPUs 2007-07-20 21:42:24 +02:00
parisc serial: add early_serial_setup() back to header file 2007-07-18 08:38:22 -07:00
parport parport_pc locking fix 2007-07-31 15:39:37 -07:00
pci pci: rename __pci_reenable_device() to pci_reenable_device() 2007-08-01 10:00:56 -04:00
pcmcia pcmcia: give socket time to power down 2007-07-31 15:39:38 -07:00
pnp ACPI: restore CONFIG_ACPI_SLEEP 2007-07-29 16:53:59 -07:00
power Don't compile the PMU power driver on 64-bit PowerPC 2007-07-23 12:42:45 +01:00
ps3 [POWERPC] PS3: Storage Driver Core 2007-06-28 19:19:20 +10:00
rapidio some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
rtc rtc-m48t59 driver NO_IRQ mode fixup 2007-07-31 15:39:44 -07:00
s390 [SCSI] zfcp: fix the data buffer accessor patch 2007-08-15 12:28:44 -05:00
sbus Videopix Frame Grabber: Fix unreleased lock in vfc_debug() 2007-07-31 15:39:43 -07:00
scsi [SCSI] lpfc: fix potential overflow of hbqs array 2007-10-12 14:40:03 -04:00
serial serial: fix 8250 early console setup 2007-08-03 15:02:56 -07:00
sh some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
sn some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
spi spidev warning fix 2007-08-11 15:47:42 -07:00
tc zs: move to the serial subsystem 2007-07-18 08:38:22 -07:00
telephony some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
uio UIO: Hilscher CIF card driver 2007-07-18 15:57:16 -07:00
usb [SCSI] microtek: use data accessors and !use_sg cleanup 2007-10-12 14:38:21 -04:00
video matroxfb: rectify jitter (G450/G550) 2007-08-11 15:47:40 -07:00
w1 drivers/ misc __iomem annotations 2007-07-26 11:11:57 -07:00
xen xenbus_xs.c: fix a use-after-free 2007-07-26 11:35:17 -07:00
zorro sysfs: add parameter "struct bin_attribute *" in .read/.write methods for sysfs binary attributes 2007-07-11 16:09:09 -07:00
Kconfig Begin to consolidate of_device.c 2007-07-20 13:39:59 +10:00
Makefile [WATCHDOG] Fix pcwd_init_module crash 2007-07-29 18:58:39 +00:00