gdth: Prevent negative offsets in ioctl CVE-2009-3080

commit 690e744869f3262855b83b4fb59199cf142765b0 upstream. A negative offset could be used to index before the event buffer and lead to a security breach. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Dave Jones <davej@redhat.com> 2009-10-19 19:55:13 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-12-08 10:20:55 -0800
commit: 174388981606378894ab74cae9467d5bbf0e5830 (patch)
tree: 490815425a0e7de466e0bf31d468affa32ad0068 /drivers/scsi
parent: 24fa7e7df85aae43e2ac0af24a56ca093a613460 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 185e6bc4dd4..9e8fce0f0c1 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
         eindex = handle;
     estr->event_source = 0;
 
-    if (eindex >= MAX_EVENTS) {
+    if (eindex < 0 || eindex >= MAX_EVENTS) {
         spin_unlock_irqrestore(&ha->smp_lock, flags);
         return eindex;
     }
author	Dave Jones <davej@redhat.com>	2009-10-19 19:55:13 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-12-08 10:20:55 -0800
commit	174388981606378894ab74cae9467d5bbf0e5830 (patch)
tree	490815425a0e7de466e0bf31d468affa32ad0068 /drivers/scsi
parent	24fa7e7df85aae43e2ac0af24a56ca093a613460 (diff)