| From 96b50c3f3fc8a8fa23523174f51efe8278f0af6d Mon Sep 17 00:00:00 2001 |
| From: Corey Minyard <cminyard@mvista.com> |
| Date: Mon, 23 Dec 2019 10:42:19 -0600 |
| Subject: [PATCH] ipmi:ssif: Handle a possible NULL pointer reference |
| |
| commit 6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe upstream. |
| |
| In error cases a NULL can be passed to memcpy. The length will always |
| be zero, so it doesn't really matter, but go ahead and check for NULL, |
| anyway, to be more precise and avoid static analysis errors. |
| |
| Reported-by: kbuild test robot <lkp@intel.com> |
| Signed-off-by: Corey Minyard <cminyard@mvista.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c |
| index 305fa5054274..2412a9baf8a2 100644 |
| --- a/drivers/char/ipmi/ipmi_ssif.c |
| +++ b/drivers/char/ipmi/ipmi_ssif.c |
| @@ -776,10 +776,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result, |
| flags = ipmi_ssif_lock_cond(ssif_info, &oflags); |
| msg = ssif_info->curr_msg; |
| if (msg) { |
| + if (data) { |
| + if (len > IPMI_MAX_MSG_LENGTH) |
| + len = IPMI_MAX_MSG_LENGTH; |
| + memcpy(msg->rsp, data, len); |
| + } else { |
| + len = 0; |
| + } |
| msg->rsp_size = len; |
| - if (msg->rsp_size > IPMI_MAX_MSG_LENGTH) |
| - msg->rsp_size = IPMI_MAX_MSG_LENGTH; |
| - memcpy(msg->rsp, data, msg->rsp_size); |
| ssif_info->curr_msg = NULL; |
| } |
| |
| -- |
| 2.7.4 |
| |