kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   d505bb034d2fed017cc8dfb06e09c129d8481213
  2.   patches.suse
  3.   s390-dasd-fix-possible-buffer-overflow-in-copy_pair_show
Blob Blame History Raw 
From: Stefan Haberland <sth@linux.ibm.com>
Date: Wed, 23 Nov 2022 17:07:19 +0100
Subject: s390/dasd: fix possible buffer overflow in copy_pair_show
Git-commit: 7e8a05b47ba7200f333eefd19979eeb4d273ceec
Patch-mainline: v6.1-rc7
References: jsc#PED-599

dasd_copy_relation->entry[] array might be accessed out of bounds if the
loop does not break.

Fixes: a91ff09d39f9 ("s390/dasd: add copy pair setup")
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20221123160719.3002694-5-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
 drivers/s390/block/dasd_devmap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/s390/block/dasd_devmap.c
+++ b/drivers/s390/block/dasd_devmap.c
@@ -1957,7 +1957,7 @@ dasd_copy_pair_show(struct device *dev,
 			break;
 		}
 	}
-	if (!copy->entry[i].primary)
+	if (i == DASD_CP_ENTRIES)
 		goto out;
 
 	/* print all secondary */
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.