diff mbox series

[net] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()

Message ID Yo80IuC/PRv7vF5m@kili (mailing list archive)
State New, archived
Headers show
Series [net] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() | expand

Commit Message

Dan Carpenter May 26, 2022, 8:02 a.m. UTC
The "fsp->location" variable comes from user via ethtool_get_rxnfc().
Check that it is valid to prevent an out of bounds read.

Fixes: 7aab747e5563 ("net: ethernet: mediatek: add ethtool functions to configure RX flows of HW LRO")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

patchwork-bot+netdevbpf@kernel.org May 27, 2022, 7:10 a.m. UTC | #1
Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Thu, 26 May 2022 11:02:42 +0300 you wrote:
> The "fsp->location" variable comes from user via ethtool_get_rxnfc().
> Check that it is valid to prevent an out of bounds read.
> 
> Fixes: 7aab747e5563 ("net: ethernet: mediatek: add ethtool functions to configure RX flows of HW LRO")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +++
>  1 file changed, 3 insertions(+)

Here is the summary with links:
  - [net] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
    https://git.kernel.org/netdev/net/c/e7e7104e2d5d

You are awesome, thank you!
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index a9d4fd8945bb..b3b3c079a0fa 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -2212,6 +2212,9 @@  static int mtk_hwlro_get_fdir_entry(struct net_device *dev,
 	struct ethtool_rx_flow_spec *fsp =
 		(struct ethtool_rx_flow_spec *)&cmd->fs;
 
+	if (fsp->location >= ARRAY_SIZE(mac->hwlro_ip))
+		return -EINVAL;
+
 	/* only tcp dst ipv4 is meaningful, others are meaningless */
 	fsp->flow_type = TCP_V4_FLOW;
 	fsp->h_u.tcp_ip4_spec.ip4dst = ntohl(mac->hwlro_ip[fsp->location]);