linux/drivers
KAMBAROV, ZAUR 9c101fd439 [PATCH] coverity: ipmi_msghandler() channels array overrun fix
We fix the check in 1084, which was

1084 			if (addr->channel > IPMI_NUM_CHANNELS) {
1085 				spin_lock_irqsave(&intf->counter_lock, flags);
1086 				intf->sent_invalid_commands++;
1087 				spin_unlock_irqrestore(&intf->counter_lock, flags);
1088 				rv = -EINVAL;
1089 				goto out_err;
1090 			}

addr->channel is used in

1092 			if (intf->channels[addr->channel].medium

Definitions involved:

221  		struct ipmi_channel channels[IPMI_MAX_CHANNELS];

134  	#define IPMI_MAX_CHANNELS       8

In /linux-2.6.12-rc6/include/linux/ipmi.h
148  	#define IPMI_NUM_CHANNELS 0x10

Signed-off-by: Zaur Kambarov <zkambarov@coverity.com>
Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-28 21:20:33 -07:00
..
acorn [PATCH] I2C: Kill address ranges in non-sensors i2c chip drivers 2005-06-21 21:51:48 -07:00
acpi [PATCH] acpi bridge hotadd: Export the interface to get PCI id for an ACPI handle 2005-06-27 21:52:42 -07:00
atm [ATM]: [drivers] kill pointless NULL checks and casts before kfree() 2005-06-02 13:04:07 -07:00
base [PATCH] request_firmware(): avoid race conditions 2005-06-28 21:20:30 -07:00
block [PATCH] ll_rw_blk: prevent huge request allocations 2005-06-28 14:56:50 -07:00
bluetooth [PATCH] pcmcia: id_table for dtl1_cs.c 2005-06-27 18:03:15 -07:00
cdrom [PATCH] drivers/cdrom/cm206.c: cleanups 2005-06-25 16:25:07 -07:00
char [PATCH] coverity: ipmi_msghandler() channels array overrun fix 2005-06-28 21:20:33 -07:00
cpufreq [PATCH] sysfs: (rest) if show/store is missing return -EIO 2005-06-20 15:15:03 -07:00
crypto
dio [PATCH] Driver Core: drivers/base - drivers/i2c/chips/adm1026.c: update device attribute callbacks 2005-06-20 15:15:32 -07:00
eisa [PATCH] Driver Core: drivers/base - drivers/i2c/chips/adm1026.c: update device attribute callbacks 2005-06-20 15:15:32 -07:00
fc4 fc4/fc: fix warnings and errors related to recent SCSI EH updates 2005-06-19 21:47:56 -04:00
firmware [PATCH] kfree cleanups for drivers/firmware/ 2005-06-25 16:25:06 -07:00
i2c [PATCH] I2C-MPC: Remove OCP device model support 2005-06-25 16:24:27 -07:00
ide [PATCH] pcmcia: more IDs for ide_cs 2005-06-27 18:03:12 -07:00
ieee1394 [PATCH] ppc32: Remove CONFIG_PMAC_PBOOK 2005-06-27 15:11:43 -07:00
infiniband [PATCH] IB: Fix pack/unpack when size_bits == 64 2005-06-27 15:11:47 -07:00
input Commit the manual part of the input layer merge. 2005-06-27 17:49:45 -07:00
isdn [PATCH] drivers/isdn/: make some code static 2005-06-28 21:20:31 -07:00
macintosh [PATCH] ppc32: Remove CONFIG_PMAC_PBOOK 2005-06-27 15:11:43 -07:00
mca [PATCH] unexport mca_find_device_by_slot 2005-06-25 16:24:56 -07:00
md [PATCH] md: bio leak fix 2005-06-28 14:53:41 -07:00
media [PATCH] fix silly config option. 2005-06-27 14:33:30 -07:00
message [PATCH] PCI: make drivers use the pci shutdown callback instead of the driver core callback. 2005-06-27 21:52:47 -07:00
misc [PATCH] ibmasm driver: fix race in command refcount logic 2005-06-21 19:07:35 -07:00
mmc [PATCH] Driver Core: drivers/i2c/chips/w83781d.c - drivers/s390/block/dcssblk.c: update device attribute callbacks 2005-06-20 15:15:34 -07:00
mtd [PATCH] pcmcia: id_table for pcmciamtd.c 2005-06-27 18:03:13 -07:00
net Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2005-06-28 14:59:07 -07:00
nubus
oprofile [PATCH] oprofile: report anonymous region samples 2005-06-24 00:06:27 -07:00
parisc [PATCH] acpi bridge hotadd: ACPI based root bridge hot-add 2005-06-27 21:52:39 -07:00
parport [PATCH] pcmcia: id_table for parport_cs.c 2005-06-27 18:03:13 -07:00
pci [PATCH] cpqphp: fix oops during unload without probe 2005-06-27 21:52:46 -07:00
pcmcia [PATCH] ACPI-based PCI resources: PCMCIA bugfix, but resources missing in trees 2005-06-27 18:03:22 -07:00
pnp [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
s390 [PATCH] s390: debug feature changes 2005-06-25 16:24:37 -07:00
sbus [SPARC]: Eliminate local MIN/MAX macros in drivers/sbus/char/aurora.c 2005-05-15 16:01:50 -07:00
scsi [PATCH] coverity: i386: scsi_lib buffer overrun fix 2005-06-28 21:20:33 -07:00
serial [PATCH] pcmcia: more IDs for TDK multifunction cards 2005-06-27 18:03:17 -07:00
sh [PATCH] Driver Core: drivers/s390/net/qeth_sys.c - drivers/usb/gadget/pxa2xx_udc.c: update device attribute callbacks 2005-06-20 15:15:35 -07:00
sn [PATCH] ioc4: PCI bus speed detection 2005-06-21 18:46:32 -07:00
tc
telephony [PATCH] pcmcia: id_table for ixj_pcmcia.c 2005-06-27 18:03:16 -07:00
usb [PATCH] pcmcia id_table for sl811.cs 2005-06-27 18:03:17 -07:00
video [PATCH] ppc32: Remove CONFIG_PMAC_PBOOK 2005-06-27 15:11:43 -07:00
w1 [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
zorro [PATCH] Driver Core: drivers/usb/input/aiptek.c - drivers/zorro/zorro-sysfs.c: update device attribute callbacks 2005-06-20 15:15:35 -07:00
Kconfig [PATCH] ioc4: CONFIG split 2005-06-21 18:46:32 -07:00
Makefile [PATCH] ioc4: CONFIG split 2005-06-21 18:46:32 -07:00