[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080

A negative offset could be used to index before the event buffer and lead to a security breach. Signed-off-by: Dave Jones <davej@redhat.com> Cc: Stable Tree <stable@kernel.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>

[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
A negative offset could be used to index before the event buffer and lead to a security breach. Signed-off-by: Dave Jones <davej@redhat.com> Cc: Stable Tree <stable@kernel.org> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
690e7448 · Dave Jones · James Bottomley · 198439e4 · 690e7448
Commit 690e7448 authored Oct 19, 2009 by Dave Jones Committed by James Bottomley Nov 11, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/scsi/gdth.c drivers/scsi/gdth.c +1 -1

No files found.
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
        eindex = handle;
    estr->event_source = 0;

-    if (eindex >= MAX_EVENTS) {
+    if (eindex < 0 || eindex >= MAX_EVENTS) {
        spin_unlock_irqrestore(&ha->smp_lock, flags);
        return eindex;
    }