gianfar: Fix overflow check and return value for gfar_get_cls_all()
authorBen Hutchings <bhutchings@solarflare.com>
Tue, 6 Sep 2011 12:44:25 +0000 (12:44 +0000)
committerDavid S. Miller <davem@davemloft.net>
Tue, 20 Sep 2011 19:40:12 +0000 (15:40 -0400)
This function may currently fill one entry beyond the end of the
array it is given.  It also doesn't return an error code in case
it does detect overflow.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/gianfar_ethtool.c

index 25a8c2adb001892acc1c2531de8ed8b62b30d8e0..0caf3c323ec0a3720e65b5475df795c4c35fe846 100644 (file)
@@ -1669,10 +1669,10 @@ static int gfar_get_cls_all(struct gfar_private *priv,
        u32 i = 0;
 
        list_for_each_entry(comp, &priv->rx_list.list, list) {
-               if (i <= cmd->rule_cnt) {
-                       rule_locs[i] = comp->fs.location;
-                       i++;
-               }
+               if (i == cmd->rule_cnt)
+                       return -EMSGSIZE;
+               rule_locs[i] = comp->fs.location;
+               i++;
        }
 
        cmd->data = MAX_FILER_IDX;