[SCSI] Fix issue reported by coverity in drivers/scsi/scsi_ioctl.c

This patch attempts to fix an issue found in drivers/scsi/scsi_ioctl.c by Coverity.

Error reported:
CID: 3437
Checker: FORWARD_NULL (help)
File: /export2/p4-coverity/mc2/linux26/drivers/scsi/scsi_ioctl.c
Function: scsi_ioctl_send_command
Description: Variable "buf" tracked as NULL was passed to a function that dereferences it.

Patch description:
buf can be NULL if inlen and outlen are both 0. This patch adds check if the
length is non-zero before calling copy from/to user.

Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>

diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c
index 26f5bc6..0bba7d8 100644 (file)
--- a/drivers/scsi/scsi_ioctl.c
+++ b/drivers/scsi/scsi_ioctl.c
@@ -278,7 +278,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev,
         * Obtain the data to be sent to the device (if any).
         */
 
-       if(copy_from_user(buf, cmd_in + cmdlen, inlen))
+       if(inlen && copy_from_user(buf, cmd_in + cmdlen, inlen))
                goto error;
 
        switch (opcode) {
@@ -322,7 +322,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev,
                if (copy_to_user(cmd_in, sense, sb_len))
                        result = -EFAULT;
        } else {
-               if (copy_to_user(cmd_in, buf, outlen))
+               if (outlen && copy_to_user(cmd_in, buf, outlen))
                        result = -EFAULT;
        }