| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250416105542.118371-1-a.vatoropin@crpt.ru>
Date: Wed, 16 Apr 2025 10:55:47 +0000
From: Ваторопин Андрей <a.vatoropin@...t.ru>
To: Ajit Khaparde <ajit.khaparde@...adcom.com>
CC: Ваторопин Андрей <a.vatoropin@...t.ru>, "Sriharsha
Basavapatna" <sriharsha.basavapatna@...adcom.com>, Somnath Kotur
<somnath.kotur@...adcom.com>, Andrew Lunn <andrew+netdev@...n.ch>, "David S.
Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, "Jakub
Kicinski" <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "Padmanabh
Ratnakar" <padmanabh.ratnakar@...lex.com>, Mammatha Edhala
<mammatha.edhala@...lex.com>, "netdev@...r.kernel.org"
<netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "lvc-project@...uxtesting.org"
<lvc-project@...uxtesting.org>
Subject: [PATCH] be2net: Remove potential access to the zero address
From: Andrey Vatoropin <a.vatoropin@...t.ru>
At the moment of calling the function be_cmd_get_mac_from_list() with the
following parameters:
be_cmd_get_mac_from_list(adapter, mac, &pmac_valid, NULL,
adapter->if_handle, 0);
The parameter "pmac_id" equals NULL.
Then, if "mac_addr_size" equals four bytes, there is a possibility of
accessing the zero address via the pointer "pmac_id".
Add an extra check for the pointer "pmac_id" to avoid accessing the zero
address.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: e5e1ee894615 ("be2net: Use new implementation of get mac list command")
Signed-off-by: Andrey Vatoropin <a.vatoropin@...t.ru>
---
drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/emulex/benet/be_cmds.c b/drivers/net/ethernet/emulex/benet/be_cmds.c
index 51b8377edd1d..be5bbf6881b8 100644
--- a/drivers/net/ethernet/emulex/benet/be_cmds.c
+++ b/drivers/net/ethernet/emulex/benet/be_cmds.c
@@ -3757,7 +3757,7 @@ int be_cmd_get_mac_from_list(struct be_adapter *adapter, u8 *mac,
/* mac_id is a 32 bit value and mac_addr size
* is 6 bytes
*/
- if (mac_addr_size == sizeof(u32)) {
+ if (pmac_id && mac_addr_size == sizeof(u32)) {
*pmac_id_valid = true;
mac_id = mac_entry->mac_addr_id.s_mac_id.mac_id;
*pmac_id = le32_to_cpu(mac_id);
--
2.43.0
Powered by blists - more mailing lists