| From 5c46b80630bd07771d7dab4c4c48ab1d37854271 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Mon, 23 Dec 2019 10:42:19 -0600 |
| Subject: ipmi:ssif: Handle a possible NULL pointer reference |
| |
| From: Corey Minyard <cminyard@mvista.com> |
| |
| [ Upstream commit 6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe ] |
| |
| In error cases a NULL can be passed to memcpy. The length will always |
| be zero, so it doesn't really matter, but go ahead and check for NULL, |
| anyway, to be more precise and avoid static analysis errors. |
| |
| Reported-by: kbuild test robot <lkp@intel.com> |
| Signed-off-by: Corey Minyard <cminyard@mvista.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/char/ipmi/ipmi_ssif.c | 10 +++++++--- |
| 1 file changed, 7 insertions(+), 3 deletions(-) |
| |
| diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c |
| index 22c6a2e612360..8ac390c2b5147 100644 |
| --- a/drivers/char/ipmi/ipmi_ssif.c |
| +++ b/drivers/char/ipmi/ipmi_ssif.c |
| @@ -775,10 +775,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result, |
| flags = ipmi_ssif_lock_cond(ssif_info, &oflags); |
| msg = ssif_info->curr_msg; |
| if (msg) { |
| + if (data) { |
| + if (len > IPMI_MAX_MSG_LENGTH) |
| + len = IPMI_MAX_MSG_LENGTH; |
| + memcpy(msg->rsp, data, len); |
| + } else { |
| + len = 0; |
| + } |
| msg->rsp_size = len; |
| - if (msg->rsp_size > IPMI_MAX_MSG_LENGTH) |
| - msg->rsp_size = IPMI_MAX_MSG_LENGTH; |
| - memcpy(msg->rsp, data, msg->rsp_size); |
| ssif_info->curr_msg = NULL; |
| } |
| |
| -- |
| 2.20.1 |
| |