Staging: dgnc: avoiding buffer overflow
authorAshvini Varatharaj <ashvinivaratharaj@gmail.com>
Sat, 19 Oct 2013 09:52:28 +0000 (15:22 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 19 Oct 2013 21:35:05 +0000 (14:35 -0700)
drivers/staging/dgnc/dgnc_neo.c:1969 neo_vpd() error: buffer overflow 'brd->vpd' 128 <= 128
drivers/staging/dgnc/dgnc_neo.c:1970 neo_vpd() warn: buffer overflow 'brd->vpd' 128 <= 130
drivers/staging/dgnc/dgnc_neo.c:1970 neo_vpd() warn: buffer overflow 'brd->vpd' 128 <= 130

Signed-off-by: Ashvini Varatharaj <ashvinivaratharaj@gmail.com>
Reviewed-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/dgnc/dgnc_neo.c

index 0e2a5e144cfef69d8ba876394b9832108ad20690..dc5a138d8d4ad6aefa947fe5c24ed3015ef04b44 100644 (file)
@@ -1965,7 +1965,7 @@ static void neo_vpd(struct dgnc_board *brd)
        }
        else {
                /* Search for the serial number */
-               for (i = 0; i < NEO_VPD_IMAGESIZE * 2; i++) {
+               for (i = 0; i < NEO_VPD_IMAGEBYTES - 3; i++) {
                        if (brd->vpd[i] == 'S' && brd->vpd[i + 1] == 'N') {
                                strncpy(brd->serial_num, &(brd->vpd[i + 3]), 9);
                        }