Author: np
Date: Sat Mar 3 02:39:54 2018
New Revision: 330308
URL: https://svnweb.freebsd.org/changeset/base/330308
Log:
MFC r328315:
cxgb(4): Validate offset/len in the GET_EEPROM ioctl.
Modified:
stable/11/sys/dev/cxgb/cxgb_main.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/dev/cxgb/cxgb_main.c
==============================================================================
--- stable/11/sys/dev/cxgb/cxgb_main.c Sat Mar 3 02:30:52 2018
(r330307)
+++ stable/11/sys/dev/cxgb/cxgb_main.c Sat Mar 3 02:39:54 2018
(r330308)
@@ -2958,8 +2958,14 @@ cxgb_extension_ioctl(struct cdev *dev, unsigned long c
case CHELSIO_GET_EEPROM: {
int i;
struct ch_eeprom *e = (struct ch_eeprom *)data;
- uint8_t *buf = malloc(EEPROMSIZE, M_DEVBUF, M_NOWAIT);
+ uint8_t *buf;
+ if (e->offset & 3 || e->offset >= EEPROMSIZE ||
+ e->len > EEPROMSIZE || e->offset + e->len > EEPROMSIZE) {
+ return (EINVAL);
+ }
+
+ buf = malloc(EEPROMSIZE, M_DEVBUF, M_NOWAIT);
if (buf == NULL) {
return (ENOMEM);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
