| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5cd9c68fc1514a1132e20e088ced841d722fef88.1547878835.git.igor.russkikh@aquantia.com>
Date: Mon, 21 Jan 2019 14:53:44 +0000
From: Igor Russkikh <Igor.Russkikh@...antia.com>
To: "David S . Miller" <davem@...emloft.net>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Igor Russkikh <Igor.Russkikh@...antia.com>,
Nikita Danilov <Nikita.Danilov@...antia.com>
Subject: [PATCH net 1/5] net: aquantia: fixed memcpy size
From: Nikita Danilov <nikita.danilov@...antia.com>
Not careful array dereference caused analysis tools
to think there could be memory overflow.
There was actually no corruption because the array is
two dimensional.
drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c: 140
aq_ethtool_get_strings() error:
memcpy() '*aq_ethtool_stat_names' too small (32 vs 704)
Signed-off-by: Nikita Danilov <nikita.danilov@...antia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@...antia.com>
---
drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c b/drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c
index 38e87eed76b9..a718d7a1f76c 100644
--- a/drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c
@@ -138,7 +138,7 @@ static void aq_ethtool_get_strings(struct net_device *ndev,
u8 *p = data;
if (stringset == ETH_SS_STATS) {
- memcpy(p, *aq_ethtool_stat_names,
+ memcpy(p, aq_ethtool_stat_names,
sizeof(aq_ethtool_stat_names));
p = p + sizeof(aq_ethtool_stat_names);
for (i = 0; i < cfg->vecs; i++) {
--
2.17.1
Powered by blists - more mailing lists