lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 20 Jun 2020 18:00:38 +0200
From:   Andrew Lunn <andrew@...n.ch>
To:     Luo bin <luobin9@...wei.com>
Cc:     davem@...emloft.net, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, luoxianjun@...wei.com,
        yin.yinshi@...wei.com, cloud.wangxiaoyun@...wei.com
Subject: Re: [PATCH net-next v1 5/5] hinic: add support to get eeprom
 information

> +static int hinic_get_module_eeprom(struct net_device *netdev,
> +				   struct ethtool_eeprom *ee, u8 *data)
> +{
> +	struct hinic_dev *nic_dev = netdev_priv(netdev);
> +	u8 sfp_data[STD_SFP_INFO_MAX_SIZE];

sfp_data will contain whatever is on the stack.

> +	u16 len;
> +	int err;
> +
> +	if (!ee->len || ((ee->len + ee->offset) > STD_SFP_INFO_MAX_SIZE))
> +		return -EINVAL;
> +
> +	memset(data, 0, ee->len);

This clears what you are going to return.

> +
> +	err = hinic_get_sfp_eeprom(nic_dev->hwdev, sfp_data, &len);

Upto len bytes of sfp_data now contain useful data. The rest of
sfp_data is still stack data.


> +	if (err)
> +		return err;
> +
> +	memcpy(data, sfp_data + ee->offset, ee->len);

If len < ee->len, you have just returned to user space some stack data.

   Andrew

Powered by blists - more mailing lists