[patch] [SCSI] tcm_loop: off by one in tcm_loop_make_naa_tpg()

From: Dan Carpenter
Date: Mon Mar 28 2011 - 23:18:29 EST

Next message: Greg KH: "Re: 2.6.38.2: regression from 2.6.38: kernel BUG atfs/nfsd/nfs4state.c:380!"
Previous message: J. Bruce Fields: "Re: 2.6.38.2: regression from 2.6.38: kernel BUG atfs/nfsd/nfs4state.c:380!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an off by one that could result in memory corruption.

Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>

diff --git a/drivers/target/loopback/tcm_loop.c b/drivers/target/loopback/tcm_loop.c
index aed4e46..2bb5062 100644
--- a/drivers/target/loopback/tcm_loop.c
+++ b/drivers/target/loopback/tcm_loop.c
@@ -1239,7 +1239,7 @@ struct se_portal_group *tcm_loop_make_naa_tpg(
tpgt_str += 5; /* Skip ahead of "tpgt_" */
tpgt = (unsigned short int) simple_strtoul(tpgt_str, &end_ptr, 0);

- if (tpgt > TL_TPGS_PER_HBA) {
+ if (tpgt >= TL_TPGS_PER_HBA) {
printk(KERN_ERR "Passed tpgt: %hu exceeds TL_TPGS_PER_HBA:"
" %u\n", tpgt, TL_TPGS_PER_HBA);
return ERR_PTR(-EINVAL);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: 2.6.38.2: regression from 2.6.38: kernel BUG atfs/nfsd/nfs4state.c:380!"
Previous message: J. Bruce Fields: "Re: 2.6.38.2: regression from 2.6.38: kernel BUG atfs/nfsd/nfs4state.c:380!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]