git: 0ea3d1ca5e27 - stable/14 - ixgbe: prevent PBA read over eeprom word size
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 27 Sep 2024 03:36:23 UTC
The branch stable/14 has been updated by kbowling:
URL: https://cgit.FreeBSD.org/src/commit/?id=0ea3d1ca5e27b0af2573e0d7ca83ba5d113ed1c5
commit 0ea3d1ca5e27b0af2573e0d7ca83ba5d113ed1c5
Author: Dawid Zielinski <dawid.zielinski@intel.com>
AuthorDate: 2024-09-20 03:33:37 +0000
Commit: Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2024-09-27 03:34:39 +0000
ixgbe: prevent PBA read over eeprom word size
DPDK commit message
net/ixgbe/base: prevent untrusted loop bound
Added length check against EEPROM size in words to prevent untrusted
loop bound reported by static code analysis.
Signed-off-by: Dawid Zielinski <dawid.zielinski@intel.com>
Obtained from: DPDK (6b58617)
(cherry picked from commit 25771c8c1ae606436823854de01fc2b23178e353)
---
sys/dev/ixgbe/ixgbe_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/dev/ixgbe/ixgbe_common.c b/sys/dev/ixgbe/ixgbe_common.c
index 7cf9b8d05127..7643d4028529 100644
--- a/sys/dev/ixgbe/ixgbe_common.c
+++ b/sys/dev/ixgbe/ixgbe_common.c
@@ -713,7 +713,7 @@ s32 ixgbe_read_pba_string_generic(struct ixgbe_hw *hw, u8 *pba_num,
return ret_val;
}
- if (length == 0xFFFF || length == 0) {
+ if (length == 0xFFFF || length == 0 || length > hw->eeprom.word_size) {
DEBUGOUT("NVM PBA number section invalid length\n");
return IXGBE_ERR_PBA_SECTION;
}