redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity

net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() 

[ Upstream commit 722c0f00d4 ]

The "info->fs.location" is a u32 that comes from the user via the
ethtool_set_rxnfc() function.  We need to check for invalid values to
prevent a buffer overflow.

I copy and pasted this check from the mvpp2_ethtool_cls_rule_ins()
function.

Fixes: 90b509b39a ("net: mvpp2: cls: Add Classification offload support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
5.4-rM2-2.2.x-imx-squashed
Dan Carpenter 2020-05-06 13:16:56 +03:00 committed by Greg Kroah-Hartman
parent b2930c86ee
commit 0aeae7ad94
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c
View File

@ -1422,6 +1422,9 @@ int mvpp2_ethtool_cls_rule_del(struct mvpp2_port *port,
struct mvpp2_ethtool_fs *efs;
int ret;
if (info->fs.location >= MVPP2_N_RFS_ENTRIES_PER_FLOW)
return -EINVAL;
efs = port->rfs_rules[info->fs.location];
if (!efs)
return -EINVAL;