Message ID | 20221121112204.24456-1-yuehaibing@huawei.com (mailing list archive) |
---|---|
State | Not Applicable |
Series | [net] net/mlx5: Fix uninitialized variable bug in outlen_write() |

On Mon, Nov 21, 2022 at 07:22:04PM +0800, YueHaibing wrote:
> If sscanf() returns 0, outlen is uninitialized and used in kzalloc(),
> this is unexpected. We should return -EINVAL if the string is invalid.
>
> Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> ---
>  drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>

Thanks,
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>

On 21 Nov 19:22, YueHaibing wrote:
>If sscanf() returns 0, outlen is uninitialized and used in kzalloc(),
>this is unexpected. We should return -EINVAL if the string is invalid.
>
>Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
>Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>

Applied to net-mlx5, thanks!

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c index 2e0d59ca62b5..cfb1e9f18a6c 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -1508,8 +1508,8 @@ static ssize_t outlen_write(struct file *filp, const char __user *buf, return -EFAULT; err = sscanf(outlen_str, "%d", &outlen); - if (err < 0) - return err; + if (err != 1) + return -EINVAL; ptr = kzalloc(outlen, GFP_KERNEL); if (!ptr)
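
Review bot: the value parsed by `sscanf(outlen_str, "%d", &outlen)` goes straight into `kzalloc(outlen, GFP_KERNEL)` with no range check in the visible lines, so the new `err != 1` test closes the uninitialized read but still lets any integer the user writes act as an allocation size. If outlen is a signed int (its declaration is outside the hunk), a negative value is converted to a very large size at the kzalloc() call and is rejected only because the allocation fails. "%d" also accepts trailing characters after the digits, so a string like "16abc" passes the check. Consider parsing with kstrtoint() or kstrtouint(), which reject trailing garbage and overflow and return a negative errno directly, and adding an explicit check that outlen is positive and below a sane upper bound before the kzalloc() call.
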
If sscanf() returns 0, outlen is uninitialized and used in kzalloc(),
this is unexpected. We should return -EINVAL if the string is invalid.

Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)