]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d5e660b)
[IA64] hpsim: Fix check for overlong simscsi prefix.
authorChen Gang <gang.chen@asianux.com>
Thu, 30 May 2013 02:35:34 +0000 (10:35 +0800)
committerTony Luck <tony.luck@intel.com>
Mon, 3 Jun 2013 23:09:43 +0000 (16:09 -0700)
When "strlen(s) > MAX_ROOT_LEN", it has already said to use the default
value, but in fact, it still use the input value.

If happens, next sprintf() for 'fname' in simscsi_queuecommand_lck()
may be memory overflow.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
arch/ia64/hp/sim/simscsi.c patch | blob | history

diff --git a/arch/ia64/hp/sim/simscsi.c b/arch/ia64/hp/sim/simscsi.c
index 331de723c6767f264e8ee682fcb73aa44d4a7bf7..3a428f19a00116ad963f7cdae2ddf469ec21a054 100644 (file)
--- a/arch/ia64/hp/sim/simscsi.c
+++ b/arch/ia64/hp/sim/simscsi.c
@@ -88,8 +88,8 @@ simscsi_setup (char *s)
        if (strlen(s) > MAX_ROOT_LEN) {
                printk(KERN_ERR "simscsi_setup: prefix too long---using default %s\n",
                       simscsi_root);
-       }
-       simscsi_root = s;
+       } else
+               simscsi_root = s;
        return 1;
 }
 
Unnamed repository; edit this file 'description' to name the repository.