From: Jean Delvare Date: Fri, 13 Apr 2018 13:37:59 +0000 (+0200) Subject: firmware: dmi_scan: Fix UUID length safety check X-Git-Tag: microblaze-v4.18-rc1~55^2~2 X-Git-Url: http://git.monstr.eu/?a=commitdiff_plain;h=90fe6f8ff00a07641ca893d64f75ca22ce77cca2;p=linux-2.6-microblaze.git firmware: dmi_scan: Fix UUID length safety check The test which ensures that the DMI type 1 structure is long enough to hold the UUID is off by one. It would fail if the structure is exactly 24 bytes long, while that's sufficient to hold the UUID. I don't expect this bug to cause problem in practice because all implementations I have seen had length 8, 25 or 27 bytes, in line with the SMBIOS specifications. But let's fix it still. Signed-off-by: Jean Delvare Fixes: a814c3597a6b ("firmware: dmi_scan: Check DMI structure length") Reviewed-by: Mika Westerberg --- diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c index e763e1484331..c3be8ef9243f 100644 --- a/drivers/firmware/dmi_scan.c +++ b/drivers/firmware/dmi_scan.c @@ -186,7 +186,7 @@ static void __init dmi_save_uuid(const struct dmi_header *dm, int slot, char *s; int is_ff = 1, is_00 = 1, i; - if (dmi_ident[slot] || dm->length <= index + 16) + if (dmi_ident[slot] || dm->length < index + 16) return; d = (u8 *) dm + index;