Commit 690e7448 authored by Dave Jones's avatar Dave Jones Committed by James Bottomley
Browse files

[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080 



A negative offset could be used to index before the event buffer and
lead to a security breach.

Signed-off-by: default avatarDave Jones <davej@redhat.com>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
parent 198439e4

drivers/scsi/gdth.c

+1 −1
Original line number Diff line number Diff line
@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr) 
        eindex = handle;

    estr->event_source = 0;



    if (eindex >= MAX_EVENTS) {

    if (eindex < 0 || eindex >= MAX_EVENTS) {

        spin_unlock_irqrestore(&ha->smp_lock, flags);

        return eindex;

    }

CRA Git | Maintained and supported by SUSTech CRA and CCSE