char: lp: fix possible integer overflow in lp_setup()
authorWilly Tarreau <w@1wt.eu>
Tue, 16 May 2017 17:18:55 +0000 (19:18 +0200)
committerWilly Tarreau <w@1wt.eu>
Wed, 7 Jun 2017 22:47:12 +0000 (00:47 +0200)
commit66cb32401b6041356f0be44a302cdb42c20de6c2
treee93c19e83a786fb1669e233d602ab785e9346067
parent2f954a6249770ef5f2588aab0ca182238028628f
char: lp: fix possible integer overflow in lp_setup()

commit 3e21f4af170bebf47c187c1ff8bf155583c9f3b1 upstream.

The lp_setup() code doesn't apply any bounds checking when passing
"lp=none", and only in this case, resulting in an overflow of the
parport_nr[] array. All versions in Git history are affected.

Reported-By: Roee Hay <roee.hay@hcl.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Willy Tarreau <w@1wt.eu>
drivers/char/lp.c