d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cxgb(4): Validate offset/len in the GET_EEPROM ioctl.

Browse Source 
Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
This commit is contained in:
Navdeep Parhar 2018-01-24 05:16:11 +00:00
parent 09b0b8c058
commit 76aca1d671
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=328315
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/dev/cxgb/cxgb_main.c
View File

@ -2958,8 +2958,14 @@ cxgb_extension_ioctl(struct cdev *dev, unsigned long cmd, caddr_t data,
case CHELSIO_GET_EEPROM: {
int i;
struct ch_eeprom *e = (struct ch_eeprom *)data;
uint8_t *buf = malloc(EEPROMSIZE, M_DEVBUF, M_NOWAIT);
uint8_t *buf;
if (e->offset & 3 || e->offset >= EEPROMSIZE ||
e->len > EEPROMSIZE || e->offset + e->len > EEPROMSIZE) {
return (EINVAL);
}
buf = malloc(EEPROMSIZE, M_DEVBUF, M_NOWAIT);
if (buf == NULL) {
return (ENOMEM);
}