[SCSI] Fix issue reported by coverity in drivers/scsi/scsi_ioctl.c
This patch attempts to fix an issue found in drivers/scsi/scsi_ioctl.c by Coverity.
Error reported:
CID: 3437
Checker: FORWARD_NULL (help)
File: /export2/p4-coverity/mc2/linux26/drivers/scsi/scsi_ioctl.c
Function: scsi_ioctl_send_command
Description: Variable "buf" tracked as NULL was passed to a function that dereferences it.
Patch description:
buf can be NULL if inlen and outlen are both 0. This patch adds a check that the
length is non-zero before calling copy from/to user.
Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c
index 26f5bc6..0bba7d8 100644
--- a/drivers/scsi/scsi_ioctl.c
+++ b/drivers/scsi/scsi_ioctl.c
@@ -278,7 +278,7 @@
* Obtain the data to be sent to the device (if any).
*/
- if(copy_from_user(buf, cmd_in + cmdlen, inlen))
+ if(inlen && copy_from_user(buf, cmd_in + cmdlen, inlen))
goto error;
switch (opcode) {
@@ -322,7 +322,7 @@
if (copy_to_user(cmd_in, sense, sb_len))
result = -EFAULT;
} else {
- if (copy_to_user(cmd_in, buf, outlen))
+ if (outlen && copy_to_user(cmd_in, buf, outlen))
result = -EFAULT;
}
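Review bot: The outlen guard in the else branch covers this copy_to_user, but the description says the checker flagged buf being passed to a function that dereferences it, and the diff only shows the two copy calls. Please confirm in the commit message that no other use of buf between the two hunks (for example where the command is issued after the switch on opcode) can see the NULL pointer with a zero length, or guard it the same way. It would also help to state whether the zero-length case was an actual fault or only a checker warning, so backporters can judge the priority.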