From: Jayachandran C Date: Fri, 3 Feb 2006 11:04:51 +0000 (-0800) Subject: [PATCH] IPMI: fix issues reported by Coverity in ipmi_msghandler.c X-Git-Tag: v2.6.16-rc3~221 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12fc1d7b4b08a80776de3073439a09f54ce31f8f;p=linux-2.6 [PATCH] IPMI: fix issues reported by Coverity in ipmi_msghandler.c While looking to the report by Coverity in ipmi, I came across the following issue: The IPMI message handler relies on two defines which are the same -one in include/linux/ipmi.h #define IPMI_NUM_CHANNELS 0x10 and one in drivers/char/ipmi/ipmi_msghandler. #define IPMI_MAX_CHANNELS 16 These are used interchangeably in ipmi_msghandler.c, but since the array addr->channels[] is of size IPMI_MAX_CHANNELS, I have made a patch that uses IPMI_MAX_CHANNELS for all the checks for the array index. NOTE: You could probably remove the line that defines IPMI_NUM_CHANNELS from ipmi.h, or move IPMI_MAX_CHANNELS to ipmi.h Signed-off-by: Jayachandran C. Cc: Corey Minyard Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index 0097f06fa6..d745004281 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -481,7 +481,7 @@ int ipmi_validate_addr(struct ipmi_addr *addr, int len) } if ((addr->channel == IPMI_BMC_CHANNEL) - || (addr->channel >= IPMI_NUM_CHANNELS) + || (addr->channel >= IPMI_MAX_CHANNELS) || (addr->channel < 0)) return -EINVAL; @@ -1321,7 +1321,7 @@ static int i_ipmi_request(ipmi_user_t user, unsigned char ipmb_seq; long seqid; - if (addr->channel >= IPMI_NUM_CHANNELS) { + if (addr->channel >= IPMI_MAX_CHANNELS) { spin_lock_irqsave(&intf->counter_lock, flags); intf->sent_invalid_commands++; spin_unlock_irqrestore(&intf->counter_lock, flags);