RE: [PATCH] [net-next,v2] ibmvnic: Feature implementation of Vital Product Data (VPD) for the ibmvnic driver
From: David Miller > Sent: 04 November 2017 13:21 > From: Desnes Augusto Nunes do Rosario > Date: Wed, 1 Nov 2017 19:03:32 -0200 > > > + substr = strnstr(adapter->vpd->buff, "RM", adapter->vpd->len); > > + if (!substr) { > > + dev_info(dev, "No FW level provided by VPD\n"); > > + complete(&adapter->fw_done); > > + return; > > + } > > + > > + /* get length of firmware level ASCII substring */ > > + fw_level_len = *(substr + 2); > > + > > + /* copy firmware version string from vpd into adapter */ > > + ptr = strncpy((char *)adapter->fw_version, > > + substr + 3, fw_level_len); > > You have to be more careful here, making sure first that > (substr + 2) < (adapter->vpd->buff + adapter->vpd->len), > and next that (substr + 2 + fw_level_len) is in range > as well. And that the copy isn't longer than the target buffer. David
Re: [PATCH] [net-next,v2] ibmvnic: Feature implementation of Vital Product Data (VPD) for the ibmvnic driver
From: Desnes Augusto Nunes do Rosario Date: Wed, 1 Nov 2017 19:03:32 -0200 > + substr = strnstr(adapter->vpd->buff, "RM", adapter->vpd->len); > + if (!substr) { > + dev_info(dev, "No FW level provided by VPD\n"); > + complete(&adapter->fw_done); > + return; > + } > + > + /* get length of firmware level ASCII substring */ > + fw_level_len = *(substr + 2); > + > + /* copy firmware version string from vpd into adapter */ > + ptr = strncpy((char *)adapter->fw_version, > + substr + 3, fw_level_len); You have to be more careful here, making sure first that (substr + 2) < (adapter->vpd->buff + adapter->vpd->len), and next that (substr + 2 + fw_level_len) is in range as well.