| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20191121.144429.649625073638417068.davem@davemloft.net>
Date: Thu, 21 Nov 2019 14:44:29 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: dan.carpenter@...cle.com
Cc: jiri@...lanox.com, dsahern@...il.com, idosch@...lanox.com,
petrm@...lanox.com, jakub.kicinski@...ronome.com,
nikolay@...ulusnetworks.com, parav@...lanox.com,
roopa@...ulusnetworks.com, johannes.berg@...el.com,
mkubecek@...e.cz, netdev@...r.kernel.org,
linux-rdma@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net] net: rtnetlink: prevent underflows in
do_setvfinfo()
From: Dan Carpenter <dan.carpenter@...cle.com>
Date: Wed, 20 Nov 2019 15:34:38 +0300
> The "ivm->vf" variable is a u32, but the problem is that a number of
> drivers cast it to an int and then forget to check for negatives. An
> example of this is in the cxgb4 driver.
>
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
> 2890 static int cxgb4_mgmt_get_vf_config(struct net_device *dev,
> 2891 int vf, struct ifla_vf_info *ivi)
> ^^^^^^
> 2892 {
> 2893 struct port_info *pi = netdev_priv(dev);
> 2894 struct adapter *adap = pi->adapter;
> 2895 struct vf_info *vfinfo;
> 2896
> 2897 if (vf >= adap->num_vfs)
> ^^^^^^^^^^^^^^^^^^^
> 2898 return -EINVAL;
> 2899 vfinfo = &adap->vfinfo[vf];
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> There are 48 functions affected.
...
> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
I'm going to apply this and queue it up for -stable.
The u32 conversion should happen in next.
Powered by blists - more mailing lists