[PATCH] IPMI: fix issues reported by Coverity in ipmi_msghandler.c
While looking to the report by Coverity in ipmi, I came across the following issue: The IPMI message handler relies on two defines which are the same -one in include/linux/ipmi.h #define IPMI_NUM_CHANNELS 0x10 and one in drivers/char/ipmi/ipmi_msghandler. #define IPMI_MAX_CHANNELS 16 These are used interchangeably in ipmi_msghandler.c, but since the array addr->channels[] is of size IPMI_MAX_CHANNELS, I have made a patch that uses IPMI_MAX_CHANNELS for all the checks for the array index. NOTE: You could probably remove the line that defines IPMI_NUM_CHANNELS from ipmi.h, or move IPMI_MAX_CHANNELS to ipmi.h Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com> Cc: Corey Minyard <minyard@acm.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Jayachandran C
Linus Torvalds
parent
db9a369ec1
commit
12fc1d7b4b
|
|
@ -481,7 +481,7 @@ int ipmi_validate_addr(struct ipmi_addr *addr, int len)
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((addr->channel == IPMI_BMC_CHANNEL)
|
if ((addr->channel == IPMI_BMC_CHANNEL)
|
||||||
|| (addr->channel >= IPMI_NUM_CHANNELS)
|
|| (addr->channel >= IPMI_MAX_CHANNELS)
|
||||||
|| (addr->channel < 0))
|
|| (addr->channel < 0))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
|
@ -1321,7 +1321,7 @@ static int i_ipmi_request(ipmi_user_t user,
|
||||||
unsigned char ipmb_seq;
|
unsigned char ipmb_seq;
|
||||||
long seqid;
|
long seqid;
|
||||||
|
|
||||||
if (addr->channel >= IPMI_NUM_CHANNELS) {
|
if (addr->channel >= IPMI_MAX_CHANNELS) {
|
||||||
spin_lock_irqsave(&intf->counter_lock, flags);
|
spin_lock_irqsave(&intf->counter_lock, flags);
|
||||||
intf->sent_invalid_commands++;
|
intf->sent_invalid_commands++;
|
||||||
spin_unlock_irqrestore(&intf->counter_lock, flags);
|
spin_unlock_irqrestore(&intf->counter_lock, flags);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue