From patchwork Fri Mar 11 17:58:17 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: david decotigny <ddecotig@gmail.com>
X-Patchwork-Id: 596435
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id D9EF8140326
	for <patchwork-incoming@ozlabs.org>;
	Sat, 12 Mar 2016 04:59:17 +1100 (AEDT)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=wieAX6jP;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751257AbcCKR7P (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 11 Mar 2016 12:59:15 -0500
Received: from mail-pa0-f66.google.com ([209.85.220.66]:35521 "EHLO
	mail-pa0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750905AbcCKR6k (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 11 Mar 2016 12:58:40 -0500
Received: by mail-pa0-f66.google.com with SMTP id fl4so9043797pad.2
	for <netdev@vger.kernel.org>; Fri, 11 Mar 2016 09:58:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=gD4EMYF9tQe0DFHakS6nMQdczfzC4/tHMoOxnZc+4X4=;
	b=wieAX6jPnwogJ218OzxXhmMO/l6ZbDw+3L8gDnmIX+njVoHnj8eo1Bqnnwidh3ttzY
	4FbSnaAerOL0u/Djnta5ot7YFz5Qw1OKvonQcNu67DVBg9IKpJUTPGiCZIQwBT3asLpi
	xbGxhLc78zBPSEkYvP1WgRFCQ0mGyGNvSdWEmMstJ2Ce7wxqyeYG+hlcluU0m3ZTR+SB
	FYaL418MyXcchxmlwe4jhtKpRVhUxC+UwtDcAT8SmDu8Gk1d0a86rstmEoxqI50pY4Dz
	NVoukKPAyqqgTSaZFI69Y/7gOXGp4MKUl9AWIwrpF17Swt32iLC8Zsdz2KotC0qSG3Yi
	ptqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=gD4EMYF9tQe0DFHakS6nMQdczfzC4/tHMoOxnZc+4X4=;
	b=BpdHUnLhKtgNb5N7SxeDpz0GFxSJ9hXlYAdI/r6ab0/HQ1cOOlAa+obRmVxCgqUaZZ
	H7DnnIEmI1aMufCXnHZSMAkU9KevCE45fMjzNFhYUXrYQVdKW28x+m0z0GwCzin6DUWo
	JzDzv++TI7idKVVSkshlvRHStdAOj07FFwQlwlCWqLYtDNO52JDY6ZNKs7dz50RKdTzx
	iZjz+oxvXIgcx1k8O1KwP4l6b8hb9Bte1pUtgRlwAcsO6rzS1pJ8wr3xXxxmA3X/flXA
	sKtmYeScM2Ivw4pVTlQ8MBTSt+4QyNHkTWUaJ/erDjM998odnZBPd8ce1e7yPEMnDn4T
	E7jw==
X-Gm-Message-State: 
 AD7BkJIPUNarAgpMzsOdNAbwf/H+5+G+A0NGbnI8SCGs1HAAUovEJ9Tnj2A7KAl46dfnQA==
X-Received: by 10.66.237.39 with SMTP id uz7mr17099954pac.141.1457719119441;
	Fri, 11 Mar 2016 09:58:39 -0800 (PST)
Received: from decot.mtv.corp.google.com ([172.18.64.100])
	by smtp.gmail.com with ESMTPSA id
	o185sm14433965pfo.36.2016.03.11.09.58.38
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Fri, 11 Mar 2016 09:58:38 -0800 (PST)
From: David Decotigny <ddecotig@gmail.com>
To: netdev@vger.kernel.org
Cc: Jeff Garzik <jgarzik@pobox.com>, Ben Hutchings <ben@decadent.org.uk>,
	David Miller <davem@redhat.com>,
	Vidya Sagar Ravipati <vidya@cumulusnetworks.com>,
	Joe Perches <joe@perches.com>, David Decotigny <decot@googlers.com>
Subject: [ethtool PATCH v4 04/11] ethtool.c: do_seeprom checks for params &
	stdin sanity
Date: Fri, 11 Mar 2016 09:58:17 -0800
Message-Id: <1457719104-39188-5-git-send-email-ddecotig@gmail.com>
X-Mailer: git-send-email 2.7.0.rc3.207.g0ac5344
In-Reply-To: <1457719104-39188-1-git-send-email-ddecotig@gmail.com>
References: <1457719104-39188-1-git-send-email-ddecotig@gmail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: David Decotigny <decot@googlers.com>

Tested:
  On qemu e1000:
  $ dd if=/dev/zero bs=2 count=5 | /mnt/ethtool -E eth0 length 9
  too much data from stdin
  $ dd if=/dev/zero bs=2 count=5 | /mnt/ethtool -E eth0 length 11
  not enough data from stdin
  $ dd if=/dev/zero bs=2 count=5 | /mnt/ethtool -E eth0 length 10
  Cannot set EEPROM data: Bad address


Signed-off-by: David Decotigny <decot@googlers.com>
---
 ethtool.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/ethtool.c b/ethtool.c
index 7c2b5cb..d349bee 100644
--- a/ethtool.c
+++ b/ethtool.c
@@ -2828,8 +2828,10 @@ static int do_seeprom(struct cmd_context *ctx)
 	if (seeprom_length == -1)
 		seeprom_length = drvinfo.eedump_len;
 
-	if (drvinfo.eedump_len < seeprom_offset + seeprom_length)
-		seeprom_length = drvinfo.eedump_len - seeprom_offset;
+	if (drvinfo.eedump_len < seeprom_offset + seeprom_length) {
+		fprintf(stderr, "offset & length out of bounds\n");
+		return 1;
+	}
 
 	eeprom = calloc(1, sizeof(*eeprom)+seeprom_length);
 	if (!eeprom) {
@@ -2844,8 +2846,18 @@ static int do_seeprom(struct cmd_context *ctx)
 	eeprom->data[0] = seeprom_value;
 
 	/* Multi-byte write: read input from stdin */
-	if (!seeprom_value_seen)
-		eeprom->len = fread(eeprom->data, 1, eeprom->len, stdin);
+	if (!seeprom_value_seen) {
+		if (1 != fread(eeprom->data, eeprom->len, 1, stdin)) {
+			fprintf(stderr, "not enough data from stdin\n");
+			free(eeprom);
+			return 75;
+		}
+		if ((fgetc(stdin) != EOF) || !feof(stdin)) {
+			fprintf(stderr, "too much data from stdin\n");
+			free(eeprom);
+			return 75;
+		}
+	}
 
 	err = send_ioctl(ctx, eeprom);
 	if (err < 0) {