diff options
| author | Gustavo A. R. Silva <gustavoars@kernel.org> | 2021-02-12 13:23:10 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2021-02-13 01:47:39 +0100 |
| commit | 93efb0c656837f4a31d7cc6117a7c8cecc8fadac (patch) | |
| tree | ade934985b702fe7465a56fe264a7b013244e4ea /include/net | |
| parent | octeontx2-af: Fix spelling mistake "recievd" -> "received" (diff) | |
| download | linux-93efb0c656837f4a31d7cc6117a7c8cecc8fadac.tar.xz linux-93efb0c656837f4a31d7cc6117a7c8cecc8fadac.zip | |
octeontx2-pf: Fix out-of-bounds read in otx2_get_fecparam()
Code at line 967 implies that rsp->fwdata.supported_fec may be up to 4:
967: if (rsp->fwdata.supported_fec <= FEC_MAX_INDEX)
If rsp->fwdata.supported_fec evaluates to 4, then there is an
out-of-bounds read at line 971 because fec is an array with
a maximum of 4 elements:
954 const int fec[] = {
955 ETHTOOL_FEC_OFF,
956 ETHTOOL_FEC_BASER,
957 ETHTOOL_FEC_RS,
958 ETHTOOL_FEC_BASER | ETHTOOL_FEC_RS};
959 #define FEC_MAX_INDEX 4
971: fecparam->fec = fec[rsp->fwdata.supported_fec];
Fix this by properly indexing fec[] with rsp->fwdata.supported_fec - 1.
In this case the proper indexes 0 to 3 are used when
rsp->fwdata.supported_fec evaluates to a range of 1 to 4, correspondingly.
Fixes: d0cf9503e908 ("octeontx2-pf: ethtool fec mode support")
Addresses-Coverity-ID: 1501722 ("Out-of-bounds read")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
0 files changed, 0 insertions, 0 deletions