Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

nvme-auth: fix off by one checks

The > ARRAY_SIZE() checks need to be >= ARRAY_SIZE() to prevent reading
one element beyond the end of the arrays.

Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

Authored by Dan Carpenter and committed by Jens Axboe
4daf7fa0 a25d4261

+5 -5
drivers/nvme/common/auth.c
··· 55 55 56 56 const char *nvme_auth_dhgroup_name(u8 dhgroup_id) 57 57 { 58 - if (dhgroup_id > ARRAY_SIZE(dhgroup_map)) 58 + if (dhgroup_id >= ARRAY_SIZE(dhgroup_map)) 59 59 return NULL; 60 60 return dhgroup_map[dhgroup_id].name; 61 61 } ··· 63 63 64 64 const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id) 65 65 { 66 - if (dhgroup_id > ARRAY_SIZE(dhgroup_map)) 66 + if (dhgroup_id >= ARRAY_SIZE(dhgroup_map)) 67 67 return NULL; 68 68 return dhgroup_map[dhgroup_id].kpp; 69 69 } ··· 110 110 111 111 const char *nvme_auth_hmac_name(u8 hmac_id) 112 112 { 113 - if (hmac_id > ARRAY_SIZE(hash_map)) 113 + if (hmac_id >= ARRAY_SIZE(hash_map)) 114 114 return NULL; 115 115 return hash_map[hmac_id].hmac; 116 116 } ··· 118 118 119 119 const char *nvme_auth_digest_name(u8 hmac_id) 120 120 { 121 - if (hmac_id > ARRAY_SIZE(hash_map)) 121 + if (hmac_id >= ARRAY_SIZE(hash_map)) 122 122 return NULL; 123 123 return hash_map[hmac_id].digest; 124 124 } ··· 144 144 145 145 size_t nvme_auth_hmac_hash_len(u8 hmac_id) 146 146 { 147 - if (hmac_id > ARRAY_SIZE(hash_map)) 147 + if (hmac_id >= ARRAY_SIZE(hash_map)) 148 148 return 0; 149 149 return hash_map[hmac_id].len; 150 150 }
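Review bot: the same bound test is open-coded in all five accessors (nvme_auth_dhgroup_name, nvme_auth_dhgroup_kpp, nvme_auth_hmac_name, nvme_auth_digest_name, nvme_auth_hmac_hash_len), which is how one off-by-one ended up repeated five times. Consider one small lookup helper per table that returns the entry pointer or NULL, so the `>= ARRAY_SIZE(dhgroup_map)` and `>= ARRAY_SIZE(hash_map)` comparisons each live in exactly one place and the accessors only dereference a validated entry. The ids are u8, so there is no negative-index case and the upper bound is the only check these functions need.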
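Review bot: in the last hunk, nvme_auth_hmac_hash_len() signals an out-of-range hmac_id with `return 0;`, an in-band value in a size_t return, so the fix only helps if callers treat 0 as "unknown hash" and do not use it as a length. The callers are not part of this diff; it would be worth confirming they reject a zero length, and adding a one-line comment above the function stating that 0 means an invalid hmac_id. The same applies to the NULL returns of the four name/kpp accessors, which callers must check before passing the string on.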