This patch fixes several off by one errors found by the Coverity checker
(ippp_table has ISDN_MAX_CHANNELS elements).
Signed-off-by: Adrian Bunk <[email protected]>
---
drivers/isdn/i4l/isdn_ppp.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
--- linux-2.6.12-rc1-mm1-full/drivers/isdn/i4l/isdn_ppp.c.old 2005-03-23 02:40:11.000000000 +0100
+++ linux-2.6.12-rc1-mm1-full/drivers/isdn/i4l/isdn_ppp.c 2005-03-23 02:46:02.000000000 +0100
@@ -981,13 +981,13 @@ void isdn_ppp_receive(isdn_net_dev * net
int proto;
if (net_dev->local->master)
BUG(); // we're called with the master device always
slot = lp->ppp_slot;
- if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
+ if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
printk(KERN_ERR "isdn_ppp_receive: lp->ppp_slot(%d)\n",
lp->ppp_slot);
kfree_skb(skb);
return;
}
is = ippp_table[slot];
@@ -1036,13 +1036,13 @@ isdn_ppp_push_higher(isdn_net_dev * net_
struct net_device *dev = &net_dev->dev;
struct ippp_struct *is, *mis;
isdn_net_local *mlp = NULL;
int slot;
slot = lp->ppp_slot;
- if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
+ if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
printk(KERN_ERR "isdn_ppp_push_higher: lp->ppp_slot(%d)\n",
lp->ppp_slot);
goto drop_packet;
}
is = ippp_table[slot];
@@ -1231,13 +1231,13 @@ isdn_ppp_xmit(struct sk_buff *skb, struc
int slot, retval = 0;
mlp = (isdn_net_local *) (netdev->priv);
nd = mlp->netdev; /* get master lp */
slot = mlp->ppp_slot;
- if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
+ if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
printk(KERN_ERR "isdn_ppp_xmit: lp->ppp_slot(%d)\n",
mlp->ppp_slot);
kfree_skb(skb);
goto out;
}
ipts = ippp_table[slot];
@@ -1879,13 +1879,13 @@ void isdn_ppp_mp_reassembly( isdn_net_de
{
ippp_bundle * mp = net_dev->pb;
int proto;
struct sk_buff * skb;
unsigned int tot_len;
- if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) {
+ if (lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS) {
printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n",
__FUNCTION__, lp->ppp_slot);
return;
}
if( MP_FLAGS(from) == (MP_BEGIN_FRAG | MP_END_FRAG) ) {
if( ippp_table[lp->ppp_slot]->debug & 0x40 )
@@ -2828,13 +2828,13 @@ static void isdn_ppp_send_ccp(isdn_net_d
struct ippp_struct *mis,*is;
int proto, slot = lp->ppp_slot;
unsigned char *data;
if(!skb || skb->len < 3)
return;
- if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
+ if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n",
__FUNCTION__, slot);
return;
}
is = ippp_table[slot];
/* Daemon may send with or without address and control field comp */
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
