scsi: dc395x: Fix a missing check on list iterator
commit 036a45aa58 upstream. The bug is here: p->target_id, p->target_lun); The list iterator 'p' will point to a bogus position containing HEAD if the list is empty or no element is found. This case must be checked before any use of the iterator, otherwise it will lead to an invalid memory access. To fix this bug, add a check. Use a new variable 'iter' as the list iterator, and use the original variable 'p' as a dedicated pointer to point to the found element. Link: https://lore.kernel.org/r/20220414040231.2662-1-xiam0nd.tong@gmail.com Fixes: 1da177e4c3 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
337e365507
commit
f297dc2364
1 changed files with 12 additions and 3 deletions
|
|
@ -3631,10 +3631,19 @@ static struct DeviceCtlBlk *device_alloc(struct AdapterCtlBlk *acb,
|
|||
#endif
|
||||
if (dcb->target_lun != 0) {
|
||||
/* Copy settings */
|
||||
struct DeviceCtlBlk *p;
|
||||
list_for_each_entry(p, &acb->dcb_list, list)
|
||||
if (p->target_id == dcb->target_id)
|
||||
struct DeviceCtlBlk *p = NULL, *iter;
|
||||
|
||||
list_for_each_entry(iter, &acb->dcb_list, list)
|
||||
if (iter->target_id == dcb->target_id) {
|
||||
p = iter;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!p) {
|
||||
kfree(dcb);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
dprintkdbg(DBG_1,
|
||||
"device_alloc: <%02i-%i> copy from <%02i-%i>\n",
|
||||
dcb->target_id, dcb->target_lun,
|
||||
|
|
|
|||
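Review bot: The new `if (!p)` branch frees `dcb` and returns NULL without logging anything, so a missing same-target entry in `acb->dcb_list` cannot be told apart from any other NULL return of `device_alloc` (presumably an allocation failure; the top of the function is outside the hunk). I would add a message before the `kfree`, for example `dprintkl(KERN_ERR, "device_alloc: <%02i-%i> no DCB for this target to copy from\n", dcb->target_id, dcb->target_lun);`, so the condition shows up in the log instead of surfacing as a generic failure in the caller. It is also worth confirming that nothing acquired earlier in the function besides `dcb` itself needs unwinding on this path, since only the `kfree` is visible here.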