mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-30 06:10:56 +00:00
net: bcmasp: Sanity check is off by one
[ Upstream commitf120e62e37
] A sanity check for OOB write is off by one leading to a false positive when the array is full. Fixes:9b90aca97f
("net: ethernet: bcmasp: fix possible OOB write in bcmasp_netfilt_get_all_active()") Signed-off-by: Justin Chen <justin.chen@broadcom.com> Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
ae24a16a83
commit
7bcb0a2510
1 changed files with 3 additions and 3 deletions
|
@ -535,9 +535,6 @@ int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
|
||||||
int j = 0, i;
|
int j = 0, i;
|
||||||
|
|
||||||
for (i = 0; i < NUM_NET_FILTERS; i++) {
|
for (i = 0; i < NUM_NET_FILTERS; i++) {
|
||||||
if (j == *rule_cnt)
|
|
||||||
return -EMSGSIZE;
|
|
||||||
|
|
||||||
if (!priv->net_filters[i].claimed ||
|
if (!priv->net_filters[i].claimed ||
|
||||||
priv->net_filters[i].port != intf->port)
|
priv->net_filters[i].port != intf->port)
|
||||||
continue;
|
continue;
|
||||||
|
@ -547,6 +544,9 @@ int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
|
||||||
priv->net_filters[i - 1].wake_filter)
|
priv->net_filters[i - 1].wake_filter)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (j == *rule_cnt)
|
||||||
|
return -EMSGSIZE;
|
||||||
|
|
||||||
rule_locs[j++] = priv->net_filters[i].fs.location;
|
rule_locs[j++] = priv->net_filters[i].fs.location;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue