gdth: Prevent negative offsets in ioctl CVE-2009-3080

commit 690e744869f3262855b83b4fb59199cf142765b0 upstream. A negative offset could be used to index before the event buffer and lead to a security breach. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Dave Jones <davej@redhat.com> 2009-10-19 19:55:13 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-12-08 11:17:03 -0800
commit: 664179bfb83f35f3f9a09a8b2323666882244d35 (patch)
tree: e4a1b84118a2697c9410f4d11fabe9c11fdad641 /drivers/scsi
parent: 9d4cf8bdc0b80550a2c7befff56b8f57acf0f9f7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 822d5214692b..4015499dad2a 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -2912,7 +2912,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
         eindex = handle;
     estr->event_source = 0;
 
-    if (eindex >= MAX_EVENTS) {
+    if (eindex < 0 || eindex >= MAX_EVENTS) {
         spin_unlock_irqrestore(&ha->smp_lock, flags);
         return eindex;
     }
author	Dave Jones <davej@redhat.com>	2009-10-19 19:55:13 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-12-08 11:17:03 -0800
commit	664179bfb83f35f3f9a09a8b2323666882244d35 (patch)
tree	e4a1b84118a2697c9410f4d11fabe9c11fdad641 /drivers/scsi
parent	9d4cf8bdc0b80550a2c7befff56b8f57acf0f9f7 (diff)