summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCorey Minyard <cminyard@mvista.com>2019-12-23 17:42:19 +0100
committerCorey Minyard <cminyard@mvista.com>2019-12-23 17:42:19 +0100
commit6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe (patch)
treee9275170adf2cca9e2458039333dcc69f65a46eb
parentdrivers: ipmi: Modify max length of IPMB packet (diff)
downloadlinux-6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe.tar.xz
linux-6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe.zip
ipmi:ssif: Handle a possible NULL pointer reference
In error cases a NULL can be passed to memcpy. The length will always be zero, so it doesn't really matter, but go ahead and check for NULL, anyway, to be more precise and avoid static analysis errors. Reported-by: kbuild test robot <lkp@intel.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-rw-r--r--drivers/char/ipmi/ipmi_ssif.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index 22c6a2e61236..8ac390c2b514 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -775,10 +775,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
msg = ssif_info->curr_msg;
if (msg) {
+ if (data) {
+ if (len > IPMI_MAX_MSG_LENGTH)
+ len = IPMI_MAX_MSG_LENGTH;
+ memcpy(msg->rsp, data, len);
+ } else {
+ len = 0;
+ }
msg->rsp_size = len;
- if (msg->rsp_size > IPMI_MAX_MSG_LENGTH)
- msg->rsp_size = IPMI_MAX_MSG_LENGTH;
- memcpy(msg->rsp, data, msg->rsp_size);
ssif_info->curr_msg = NULL;
}