From 12fc1d7b4b08a80776de3073439a09f54ce31f8f Mon Sep 17 00:00:00 2001 From: Jayachandran C Date: Fri, 3 Feb 2006 03:04:51 -0800 Subject: [PATCH] IPMI: fix issues reported by Coverity in ipmi_msghandler.c While looking to the report by Coverity in ipmi, I came across the following issue: The IPMI message handler relies on two defines which are the same -one in include/linux/ipmi.h #define IPMI_NUM_CHANNELS 0x10 and one in drivers/char/ipmi/ipmi_msghandler. #define IPMI_MAX_CHANNELS 16 These are used interchangeably in ipmi_msghandler.c, but since the array addr->channels[] is of size IPMI_MAX_CHANNELS, I have made a patch that uses IPMI_MAX_CHANNELS for all the checks for the array index. NOTE: You could probably remove the line that defines IPMI_NUM_CHANNELS from ipmi.h, or move IPMI_MAX_CHANNELS to ipmi.h Signed-off-by: Jayachandran C. Cc: Corey Minyard Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/char/ipmi/ipmi_msghandler.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/char/ipmi') diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index 0097f06fa67b..d745004281d0 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -481,7 +481,7 @@ int ipmi_validate_addr(struct ipmi_addr *addr, int len) } if ((addr->channel == IPMI_BMC_CHANNEL) - || (addr->channel >= IPMI_NUM_CHANNELS) + || (addr->channel >= IPMI_MAX_CHANNELS) || (addr->channel < 0)) return -EINVAL; @@ -1321,7 +1321,7 @@ static int i_ipmi_request(ipmi_user_t user, unsigned char ipmb_seq; long seqid; - if (addr->channel >= IPMI_NUM_CHANNELS) { + if (addr->channel >= IPMI_MAX_CHANNELS) { spin_lock_irqsave(&intf->counter_lock, flags); intf->sent_invalid_commands++; spin_unlock_irqrestore(&intf->counter_lock, flags); -- cgit v1.2.3