Commit 4daf7fa0 authored by Dan Carpenter's avatar Dan Carpenter Committed by Jens Axboe
Browse files

nvme-auth: fix off by one checks 



The > ARRAY_SIZE() checks need to be >= ARRAY_SIZE() to prevent reading
one element beyond the end of the arrays.

Fixes: db1312dd ("nvmet: implement basic In-Band Authentication")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: default avatarHannes Reinecke <hare@suse.de>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent a25d4261

drivers/nvme/common/auth.c

+5 −5
Original line number Diff line number Diff line
@@ -55,7 +55,7 @@ static struct nvme_auth_dhgroup_map { 


const char *nvme_auth_dhgroup_name(u8 dhgroup_id)

{

	if (dhgroup_id > ARRAY_SIZE(dhgroup_map))

	if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))

		return NULL;

	return dhgroup_map[dhgroup_id].name;

}
@@ -63,7 +63,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_name); 


const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id)

{

	if (dhgroup_id > ARRAY_SIZE(dhgroup_map))

	if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))

		return NULL;

	return dhgroup_map[dhgroup_id].kpp;

}
@@ -110,7 +110,7 @@ static struct nvme_dhchap_hash_map { 


const char *nvme_auth_hmac_name(u8 hmac_id)

{

	if (hmac_id > ARRAY_SIZE(hash_map))

	if (hmac_id >= ARRAY_SIZE(hash_map))

		return NULL;

	return hash_map[hmac_id].hmac;

}
@@ -118,7 +118,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_hmac_name); 


const char *nvme_auth_digest_name(u8 hmac_id)

{

	if (hmac_id > ARRAY_SIZE(hash_map))

	if (hmac_id >= ARRAY_SIZE(hash_map))

		return NULL;

	return hash_map[hmac_id].digest;

}
@@ -144,7 +144,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_hmac_id); 


size_t nvme_auth_hmac_hash_len(u8 hmac_id)

{

	if (hmac_id > ARRAY_SIZE(hash_map))

	if (hmac_id >= ARRAY_SIZE(hash_map))

		return 0;

	return hash_map[hmac_id].len;

}