From 12f09ccb4612734a53e47ed5302e0479c10a50f8 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Sat, 2 Apr 2011 14:32:47 -0700 Subject: [PATCH] loopback: off by one in tcm_loop_make_naa_tpg() This is an off by one 'tgpt' check in tcm_loop_make_naa_tpg() that could result in memory corruption. Signed-off-by: Dan Carpenter Signed-off-by: Nicholas A. Bellinger --- drivers/target/loopback/tcm_loop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/target/loopback/tcm_loop.c b/drivers/target/loopback/tcm_loop.c index c2937b2035d3..083d6c51f052 100644 --- a/drivers/target/loopback/tcm_loop.c +++ b/drivers/target/loopback/tcm_loop.c @@ -1205,7 +1205,7 @@ struct se_portal_group *tcm_loop_make_naa_tpg( tpgt_str += 5; /* Skip ahead of "tpgt_" */ tpgt = (unsigned short int) simple_strtoul(tpgt_str, &end_ptr, 0); - if (tpgt > TL_TPGS_PER_HBA) { + if (tpgt >= TL_TPGS_PER_HBA) { printk(KERN_ERR "Passed tpgt: %hu exceeds TL_TPGS_PER_HBA:" " %u\n", tpgt, TL_TPGS_PER_HBA); return ERR_PTR(-EINVAL); -- 2.39.5