| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z/+VTcHpQMJ3ioCM@mev-dev.igk.intel.com>
Date: Wed, 16 Apr 2025 13:32:29 +0200
From: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
To: Ваторопин Андрей <a.vatoropin@...t.ru>
Cc: Ajit Khaparde <ajit.khaparde@...adcom.com>,
Sriharsha Basavapatna <sriharsha.basavapatna@...adcom.com>,
Somnath Kotur <somnath.kotur@...adcom.com>,
Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Padmanabh Ratnakar <padmanabh.ratnakar@...lex.com>,
Mammatha Edhala <mammatha.edhala@...lex.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org>
Subject: Re: [PATCH] be2net: Remove potential access to the zero address
On Wed, Apr 16, 2025 at 10:55:47AM +0000, Ваторопин Андрей wrote:
> From: Andrey Vatoropin <a.vatoropin@...t.ru>
>
> At the moment of calling the function be_cmd_get_mac_from_list() with the
> following parameters:
> be_cmd_get_mac_from_list(adapter, mac, &pmac_valid, NULL,
> adapter->if_handle, 0);
Looks like pmac_valid needs to be false to reach *pmac_id assign.
>
> The parameter "pmac_id" equals NULL.
>
> Then, if "mac_addr_size" equals four bytes, there is a possibility of
> accessing the zero address via the pointer "pmac_id".
>
> Add an extra check for the pointer "pmac_id" to avoid accessing the zero
> address.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: e5e1ee894615 ("be2net: Use new implementation of get mac list command")
> Signed-off-by: Andrey Vatoropin <a.vatoropin@...t.ru>
> ---
> drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/emulex/benet/be_cmds.c b/drivers/net/ethernet/emulex/benet/be_cmds.c
> index 51b8377edd1d..be5bbf6881b8 100644
> --- a/drivers/net/ethernet/emulex/benet/be_cmds.c
> +++ b/drivers/net/ethernet/emulex/benet/be_cmds.c
> @@ -3757,7 +3757,7 @@ int be_cmd_get_mac_from_list(struct be_adapter *adapter, u8 *mac,
> /* mac_id is a 32 bit value and mac_addr size
> * is 6 bytes
> */
> - if (mac_addr_size == sizeof(u32)) {
> + if (pmac_id && mac_addr_size == sizeof(u32)) {
> *pmac_id_valid = true;
> mac_id = mac_entry->mac_addr_id.s_mac_id.mac_id;
> *pmac_id = le32_to_cpu(mac_id);
Thanks for fixing.
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
> --
> 2.43.0
Powered by blists - more mailing lists