| Message ID | 4a88a0350064b5c2ec4e2adcef5afdfcab3e45dd.1417005245.git.tgraf@suug.ch |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On Wed, Nov 26, 2014 at 4:42 AM, Thomas Graf <tgraf@suug.ch> wrote: > Payload is currently accessed blindly and may exceed valid message > boundaries. > > Fixes: a77dcb8c8 ("be2net: set and query VEB/VEPA mode of the PF interface") > Fixes: 815cccbf1 ("ixgbe: add setlink, getlink support to ixgbe and ixgbevf") > Cc: Ajit Khaparde <ajit.khaparde@emulex.com> > Cc: John Fastabend <john.r.fastabend@intel.com> > Signed-off-by: Thomas Graf <tgraf@suug.ch> > --- > drivers/net/ethernet/emulex/benet/be_main.c | 3 +++ > drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +++ > 2 files changed, 6 insertions(+) > Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 11/26/2014 04:42 AM, Thomas Graf wrote: > Payload is currently accessed blindly and may exceed valid message > boundaries. > > Fixes: a77dcb8c8 ("be2net: set and query VEB/VEPA mode of the PF interface") > Fixes: 815cccbf1 ("ixgbe: add setlink, getlink support to ixgbe and ixgbevf") > Cc: Ajit Khaparde <ajit.khaparde@emulex.com> > Cc: John Fastabend <john.r.fastabend@intel.com> > Signed-off-by: Thomas Graf <tgraf@suug.ch> > --- > drivers/net/ethernet/emulex/benet/be_main.c | 3 +++ > drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +++ > 2 files changed, 6 insertions(+) > Thanks Thomas. Acked-by: John Fastabend <john.r.fastabend@intel.com>
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c index 3e8475c..337e4cd 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -4314,6 +4314,9 @@ static int be_ndo_bridge_setlink(struct net_device *dev, struct nlmsghdr *nlh) if (nla_type(attr) != IFLA_BRIDGE_MODE) continue; + if (nla_len(attr) < sizeof(mode)) + return -EINVAL; + mode = nla_get_u16(attr); if (mode != BRIDGE_MODE_VEPA && mode != BRIDGE_MODE_VEB) return -EINVAL; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c index 82ffe8b..dff9905 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c @@ -7677,6 +7677,9 @@ static int ixgbe_ndo_bridge_setlink(struct net_device *dev, if (nla_type(attr) != IFLA_BRIDGE_MODE) continue; + if (nla_len(attr) < sizeof(mode)) + return -EINVAL; + mode = nla_get_u16(attr); if (mode == BRIDGE_MODE_VEPA) { reg = 0;
Payload is currently accessed blindly and may exceed valid message boundaries. Fixes: a77dcb8c8 ("be2net: set and query VEB/VEPA mode of the PF interface") Fixes: 815cccbf1 ("ixgbe: add setlink, getlink support to ixgbe and ixgbevf") Cc: Ajit Khaparde <ajit.khaparde@emulex.com> Cc: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: Thomas Graf <tgraf@suug.ch> --- drivers/net/ethernet/emulex/benet/be_main.c | 3 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +++ 2 files changed, 6 insertions(+)