author | Alexander Usyskin <alexander.usyskin@intel.com> | 2014-02-17 14:13:22 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-02-18 19:05:07 +0100 |
commit | a27a76d3c07de08a0d0d298b6bc280c5b820e997 (patch) | |
tree | 35189df75481fe1422219ec453723548bed60680 /drivers/misc | |
parent | mei: wd and amthif use mei_cl_ api for dis/connection (diff) | |
mei: fix potential read outside of array bounds
Drop not-very-useful check and with this
fix read on index that can be after array end.
Cleanup search function as byproduct.
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/misc')
-rw-r--r-- | drivers/misc/mei/client.c | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c
index 8afba0534779..539e861abc1e 100644
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -29,20 +29,21 @@
 * mei_me_cl_by_uuid - locate index of me client
 *
 * @dev: mei device
+ *
+ * Locking: called under "dev->device_lock" lock
+ *
 * returns me client index or -ENOENT if not found
 */
 int mei_me_cl_by_uuid(const struct mei_device *dev, const uuid_le *uuid)
 {
- int i, res = -ENOENT;
+ int i;
 for (i = 0; i < dev->me_clients_num; ++i)
 if (uuid_le_cmp(*uuid,
- dev->me_clients[i].props.protocol_name) == 0) {
- res = i;
- break;
- }
+ dev->me_clients[i].props.protocol_name) == 0)
+ return i;
- return res;
+ return -ENOENT;
 }
@@ -60,16 +61,12 @@ int mei_me_cl_by_uuid(const struct mei_device *dev, const uuid_le *uuid)
 int mei_me_cl_by_id(struct mei_device *dev, u8 client_id)
 {
 int i;
+
 for (i = 0; i < dev->me_clients_num; i++)
 if (dev->me_clients[i].client_id == client_id)
- break;
- if (WARN_ON(dev->me_clients[i].client_id != client_id))
- return -ENOENT;
+ return i;
- if (i == dev->me_clients_num)
- return -ENOENT;
-
- return i;
+ return -ENOENT;
 } |
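Review bot: The kernel-doc block for mei_me_cl_by_uuid still documents only `@dev`, although this hunk edits that comment and the function also takes `uuid`. Add ` * @uuid: me client uuid` below the `@dev` line so the lookup key is described and kernel-doc does not report an undocumented parameter. The comment opener sits above the hunk, so this is based on the visible lines only.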
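Review bot: mei_me_cl_by_id in the second hunk now reads `dev->me_clients[i]` only while `i < dev->me_clients_num`, but nothing visible gives it a counterpart to the `Locking:` line added to mei_me_cl_by_uuid. Its kernel-doc lies above the hunk, so if the note is not already there, add ` * Locking: called under "dev->device_lock" lock`; the bound and the returned index presumably stay valid only while that lock is held. Callers are not visible here, and each must test for a negative return before using the value as an index into `me_clients`. Since the function only reads through `dev`, the parameter could also be `const struct mei_device *dev` to match mei_me_cl_by_uuid, which would need the same change to its prototype.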