git: 78cb32166d50 - stable/13 - ixgbe: prevent PBA read over eeprom word size
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 27 Sep 2024 03:41:44 UTC
The branch stable/13 has been updated by kbowling:
URL: https://cgit.FreeBSD.org/src/commit/?id=78cb32166d501dd867cced689fc9308798569b1f
commit 78cb32166d501dd867cced689fc9308798569b1f
Author: Dawid Zielinski <dawid.zielinski@intel.com>
AuthorDate: 2024-09-20 03:33:37 +0000
Commit: Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2024-09-27 03:40:43 +0000
ixgbe: prevent PBA read over eeprom word size
DPDK commit message
net/ixgbe/base: prevent untrusted loop bound
Added length check against EEPROM size in words to prevent untrusted
loop bound reported by static code analysis.
Signed-off-by: Dawid Zielinski <dawid.zielinski@intel.com>
Obtained from: DPDK (6b58617)
(cherry picked from commit 25771c8c1ae606436823854de01fc2b23178e353)
---
sys/dev/ixgbe/ixgbe_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/dev/ixgbe/ixgbe_common.c b/sys/dev/ixgbe/ixgbe_common.c
index 7cf9b8d05127..7643d4028529 100644
--- a/sys/dev/ixgbe/ixgbe_common.c
+++ b/sys/dev/ixgbe/ixgbe_common.c
@@ -713,7 +713,7 @@ s32 ixgbe_read_pba_string_generic(struct ixgbe_hw *hw, u8 *pba_num,
return ret_val;
}
- if (length == 0xFFFF || length == 0) {
+ if (length == 0xFFFF || length == 0 || length > hw->eeprom.word_size) {
DEBUGOUT("NVM PBA number section invalid length\n");
return IXGBE_ERR_PBA_SECTION;
}