firmware: dmi_scan: Fix UUID length safety check

The test which ensures that the DMI type 1 structure is long enough to hold the UUID is off by one. It would fail if the structure is exactly 24 bytes long, while that's sufficient to hold the UUID. I don't expect this bug to cause problem in practice because all implementations I have seen had length 8, 25 or 27 bytes, in line with the SMBIOS specifications. But let's fix it still. Signed-off-by: Jean Delvare <jdelvare@suse.de> Fixes: a814c359 ("firmware: dmi_scan: Check DMI structure length") Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>

firmware: dmi_scan: Fix UUID length safety check
The test which ensures that the DMI type 1 structure is long enough to hold the UUID is off by one. It would fail if the structure is exactly 24 bytes long, while that's sufficient to hold the UUID. I don't expect this bug to cause problem in practice because all implementations I have seen had length 8, 25 or 27 bytes, in line with the SMBIOS specifications. But let's fix it still. Signed-off-by: Jean Delvare <jdelvare@suse.de> Fixes: a814c359 ("firmware: dmi_scan: Check DMI structure length") Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
90fe6f8f · Jean Delvare · 0adb3285 · 90fe6f8f
Commit 90fe6f8f authored Apr 13, 2018 by Jean Delvare
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/firmware/dmi_scan.c drivers/firmware/dmi_scan.c +1 -1

No files found.
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -186,7 +186,7 @@ static void __init dmi_save_uuid(const struct dmi_header *dm, int slot,
 	char *s;
 	int is_ff = 1, is_00 = 1, i;
-	if (dmi_ident[slot] || dm->length <= index + 16)
+	if (dmi_ident[slot] || dm->length < index + 16)
 		return;
 	d = (u8 *) dm + index;