[PATCH] coverity: ipmi_msghandler() channels array overrun fix
authorKAMBAROV, ZAUR <kambarov@berkeley.edu>
Wed, 29 Jun 2005 03:45:08 +0000 (20:45 -0700)
committerLinus Torvalds <torvalds@ppc970.osdl.org>
Wed, 29 Jun 2005 04:20:33 +0000 (21:20 -0700)
commit9c101fd439dab60d6eba76afb35fd2696f42c63d
treef83da5a06a1af9be7539066536aa0b9bd4a4c69b
parenta77e3362a224212d9d3b9e6fdec44df2eef6cf92
[PATCH] coverity: ipmi_msghandler() channels array overrun fix

We fix the check in 1084, which was

1084  if (addr->channel > IPMI_NUM_CHANNELS) {
1085  spin_lock_irqsave(&intf->counter_lock, flags);
1086  intf->sent_invalid_commands++;
1087  spin_unlock_irqrestore(&intf->counter_lock, flags);
1088  rv = -EINVAL;
1089  goto out_err;
1090  }

addr->channel is used in

1092  if (intf->channels[addr->channel].medium

Definitions involved:

221   struct ipmi_channel channels[IPMI_MAX_CHANNELS];

134   #define IPMI_MAX_CHANNELS       8

In /linux-2.6.12-rc6/include/linux/ipmi.h
148   #define IPMI_NUM_CHANNELS 0x10

Signed-off-by: Zaur Kambarov <zkambarov@coverity.com>
Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
drivers/char/ipmi/ipmi_msghandler.c