From 4daf7fa07ee3c31d5b03b87f96dbf3d8151ef654 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Mon, 18 Jul 2022 14:09:32 +0300
Subject: nvme-auth: fix off by one checks

The > ARRAY_SIZE() checks need to be >= ARRAY_SIZE() to prevent reading one element beyond the end of the arrays.

Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
Signed-off-by: Dan Carpenter
Reviewed-by: Hannes Reinecke
Signed-off-by: Christoph Hellwig
Signed-off-by: Jens Axboe
---
 drivers/nvme/common/auth.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index 94cc7cafbb9d..4b146cec9406 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -55,7 +55,7 @@ static struct nvme_auth_dhgroup_map {
 
 const char *nvme_auth_dhgroup_name(u8 dhgroup_id)
 {
- if (dhgroup_id > ARRAY_SIZE(dhgroup_map))
+ if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
 return NULL;
 return dhgroup_map[dhgroup_id].name;
 }
@@ -63,7 +63,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_name);
 
 const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id)
 {
- if (dhgroup_id > ARRAY_SIZE(dhgroup_map))
+ if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
 return NULL;
 return dhgroup_map[dhgroup_id].kpp;
 }
@@ -110,7 +110,7 @@ static struct nvme_dhchap_hash_map {
 
 const char *nvme_auth_hmac_name(u8 hmac_id)
 {
- if (hmac_id > ARRAY_SIZE(hash_map))
+ if (hmac_id >= ARRAY_SIZE(hash_map))
 return NULL;
 return hash_map[hmac_id].hmac;
 }
@@ -118,7 +118,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_hmac_name);
 
 const char *nvme_auth_digest_name(u8 hmac_id)
 {
- if (hmac_id > ARRAY_SIZE(hash_map))
+ if (hmac_id >= ARRAY_SIZE(hash_map))
 return NULL;
 return hash_map[hmac_id].digest;
 }
@@ -144,7 +144,7 @@ EXPORT_SYMBOL_GPL(nvme_auth_hmac_id);
 
 size_t nvme_auth_hmac_hash_len(u8 hmac_id)
 {
- if (hmac_id > ARRAY_SIZE(hash_map))
+ if (hmac_id >= ARRAY_SIZE(hash_map))
 return 0;
 return hash_map[hmac_id].len;
 }
-- 
cgit v1.2.3
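Review bot: The corrected bound in nvme_auth_dhgroup_name() is still written out by hand, and the same line recurs in nvme_auth_dhgroup_kpp(), nvme_auth_hmac_name(), nvme_auth_digest_name() and nvme_auth_hmac_hash_len(), which is how one wrong operator ended up in five exported lookups. A short comment on the check would record the intent, for example `/* id indexes dhgroup_map[]; valid ids are 0 .. ARRAY_SIZE(dhgroup_map) - 1 */`. If the id is taken from an authentication message sent by the peer (the callers are outside this diff, so this is an assumption), clamping it after the check with `dhgroup_id = array_index_nospec(dhgroup_id, ARRAY_SIZE(dhgroup_map));` from `<linux/nospec.h>` would also cover a speculative out-of-bounds read. The table initialisers are not visible here; if they leave unpopulated slots, an in-range id can still return NULL, so callers need the NULL check either way.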
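Review bot: nvme_auth_hmac_hash_len() reports an unknown hmac_id as a length of 0, an in-band value that nothing in the function documents. A caller that uses the result as a buffer size or comparison length without testing for 0 would quietly work with an empty hash; whether any caller does so cannot be seen from this diff. I would add a comment above the function such as `/* Returns 0 for an unknown hmac_id; callers must treat 0 as an error. */`.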