[01/13] qmi: validate TLV length

Message ID	20241031220638.1582166-1-denkenz@gmail.com (mailing list archive)
State	Accepted
Commit	ba768fa893e867823822b846190c12d3f4638137
Headers	show Received: from mail-ot1-f51.google.com (mail-ot1-f51.google.com [209.85.210.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 150CA14A4F9 for <ofono@lists.linux.dev>; Thu, 31 Oct 2024 22:06:40 +0000 (UTC) From: Denis Kenzior <denkenz@gmail.com> To: ofono@lists.linux.dev Cc: Denis Kenzior <denkenz@gmail.com> Subject: [PATCH 01/13] qmi: validate TLV length Date: Thu, 31 Oct 2024 17:06:08 -0500 Message-ID: <20241031220638.1582166-1-denkenz@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[01/13] qmi: validate TLV length \| expand [01/13] qmi: validate TLV length [02/13] gobi: Clear out service request queue on shutdown [03/13] simutil: Return early if file is not found [04/13] simfs: Quiet sanitizer runtime error [05/13] radio-settings: quiet sanitizer runtime error [06/13] gprs: Default CID range to 1..NUM_CONTEXTS -1 [07/13] qmimodem: Drop call to ofono_gprs_set_cid_range [08/13] gobi: Remove support for qmi_wwan_q [09/13] udevng: Remove non-upstream qmi_wwan_q support [10/13] gobi: Bring down the main interface at startup [11/13] gobi: Support only "usb" Bus values [12/13] gobi: document and validate "interfaceNumber" [13/13] qmi: wda: Convert #defines to an enum

Message ID

20241031220638.1582166-1-denkenz@gmail.com (mailing list archive)

State

Accepted

Commit

ba768fa893e867823822b846190c12d3f4638137

Headers

From: Denis Kenzior <denkenz@gmail.com>
To: ofono@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH 01/13] qmi: validate TLV length
Date: Thu, 31 Oct 2024 17:06:08 -0500
Message-ID: <20241031220638.1582166-1-denkenz@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[01/13] qmi: validate TLV length | expand

For qmi_result_get_(u)int[8,16,32], make sure that the length corresponds to the size of the basic type prior to performing the memcpy. --- drivers/qmimodem/qmi.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

patchwork-bot+ofono@kernel.org Nov. 4, 2024, 10:20 p.m. UTC | #1

Hello:

This series was applied to ofono.git (master)
by Denis Kenzior <denkenz@gmail.com>:

On Thu, 31 Oct 2024 17:06:08 -0500 you wrote:
> For qmi_result_get_(u)int[8,16,32], make sure that the length
> corresponds to the size of the basic type prior to performing the
> memcpy.
> ---
>  drivers/qmimodem/qmi.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)

Here is the summary with links:
  - [01/13] qmi: validate TLV length
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=ba768fa893e8
  - [02/13] gobi: Clear out service request queue on shutdown
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=3c6eda5e3470
  - [03/13] simutil: Return early if file is not found
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=b59850d0a4e3
  - [04/13] simfs: Quiet sanitizer runtime error
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=ede833c92f54
  - [05/13] radio-settings: quiet sanitizer runtime error
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=b697463bc642
  - [06/13] gprs: Default CID range to 1..NUM_CONTEXTS -1
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=0fba72b098a1
  - [07/13] qmimodem: Drop call to ofono_gprs_set_cid_range
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=40ecee4aff07
  - [08/13] gobi: Remove support for qmi_wwan_q
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=4b854f0736d5
  - [09/13] udevng: Remove non-upstream qmi_wwan_q support
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=da340fd02b80
  - [10/13] gobi: Bring down the main interface at startup
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=147de7a149f9
  - [11/13] gobi: Support only "usb" Bus values
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=f5d36c1c11b9
  - [12/13] gobi: document and validate "interfaceNumber"
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=d4df0fb906f9
  - [13/13] qmi: wda: Convert #defines to an enum
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=5677ffdbe643

You are awesome, thank you!

diff --git a/drivers/qmimodem/qmi.c b/drivers/qmimodem/qmi.c
index 0ba2e8b9e352..10dbdaac8bf6 100644
--- a/drivers/qmimodem/qmi.c
+++ b/drivers/qmimodem/qmi.c
@@ -2311,7 +2311,7 @@  bool qmi_result_get_uint8(struct qmi_result *result, uint8_t type,
 		return false;
 
 	ptr = tlv_get(result->data, result->length, type, &len);
-	if (!ptr)
+	if (!ptr || len != sizeof(uint8_t))
 		return false;
 
 	if (value)
@@ -2330,7 +2330,7 @@  bool qmi_result_get_int16(struct qmi_result *result, uint8_t type,
 		return false;
 
 	ptr = tlv_get(result->data, result->length, type, &len);
-	if (!ptr)
+	if (!ptr || len != sizeof(int16_t))
 		return false;
 
 	memcpy(&tmp, ptr, 2);
@@ -2351,7 +2351,7 @@  bool qmi_result_get_uint16(struct qmi_result *result, uint8_t type,
 		return false;
 
 	ptr = tlv_get(result->data, result->length, type, &len);
-	if (!ptr)
+	if (!ptr || len != sizeof(uint16_t))
 		return false;
 
 	memcpy(&tmp, ptr, 2);
@@ -2373,7 +2373,7 @@  bool qmi_result_get_uint32(struct qmi_result *result, uint8_t type,
 		return false;
 
 	ptr = tlv_get(result->data, result->length, type, &len);
-	if (!ptr)
+	if (!ptr || len != sizeof(uint32_t))
 		return false;
 
 	memcpy(&tmp, ptr, 4);
@@ -2395,7 +2395,7 @@  bool qmi_result_get_uint64(struct qmi_result *result, uint8_t type,
 		return false;
 
 	ptr = tlv_get(result->data, result->length, type, &len);
-	if (!ptr)
+	if (!ptr || len != sizeof(uint64_t))
 		return false;
 
 	memcpy(&tmp, ptr, 8);

[01/13] qmi: validate TLV length

Commit Message

Comments

Patch