| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211210070217.188697-1-yinxiujiang@kylinos.cn>
Date: Fri, 10 Dec 2021 15:02:17 +0800
From: Yin Xiujiang <yinxiujiang@...inos.cn>
To: hca@...ux.ibm.com, gor@...ux.ibm.com, borntraeger@...ibm.com,
agordeev@...ux.ibm.com
Cc: linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] s390/3215: fix the array may be out of bounds
if the variable 'line' is NR_3215,
the 'raw3215[line]' will be invalid
Signed-off-by: Yin Xiujiang <yinxiujiang@...inos.cn>
---
drivers/s390/char/con3215.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/s390/char/con3215.c b/drivers/s390/char/con3215.c
index f356607835d8..29409d4ca4d5 100644
--- a/drivers/s390/char/con3215.c
+++ b/drivers/s390/char/con3215.c
@@ -687,7 +687,8 @@ static void raw3215_remove (struct ccw_device *cdev)
for (line = 0; line < NR_3215; line++)
if (raw3215[line] == raw)
break;
- raw3215[line] = NULL;
+ if (line < NR_3215)
+ raw3215[line] = NULL;
spin_unlock(&raw3215_device_lock);
dev_set_drvdata(&cdev->dev, NULL);
raw3215_free_info(raw);
--
2.30.0
Powered by blists - more mailing lists