net: bcmasp: Sanity check is off by one

[ Upstream commit f120e62e37 ]

A sanity check for OOB write is off by one leading to a false positive
when the array is full.

Fixes: 9b90aca97f ("net: ethernet: bcmasp: fix possible OOB write in bcmasp_netfilt_get_all_active()")
Signed-off-by: Justin Chen <justin.chen@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Justin Chen 2024-02-15 10:27:32 -08:00 committed by Greg Kroah-Hartman
parent ae24a16a83
commit 7bcb0a2510


@ -535,9 +535,6 @@ int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
int j = 0, i; int j = 0, i;
for (i = 0; i < NUM_NET_FILTERS; i++) { for (i = 0; i < NUM_NET_FILTERS; i++) {
if (j == *rule_cnt)
return -EMSGSIZE;
if (!priv->net_filters[i].claimed || if (!priv->net_filters[i].claimed ||
priv->net_filters[i].port != intf->port) priv->net_filters[i].port != intf->port)
continue; continue;
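Review bot: the commit message calls this an off-by-one, but the check removed here at the top of the loop body uses the same comparison, `j == *rule_cnt`, as the one that replaces it; what was wrong is its position ahead of the `claimed` / `port` test. Consider saying that in the message: with the check first, a full `rule_locs` returned -EMSGSIZE on the next iteration even when that entry and every remaining one would have been skipped by the `continue` paths and never written.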
@ -547,6 +544,9 @@ int bcmasp_netfilt_get_all_active(struct bcmasp_intf *intf, u32 *rule_locs,
priv->net_filters[i - 1].wake_filter) priv->net_filters[i - 1].wake_filter)
continue; continue;
if (j == *rule_cnt)
return -EMSGSIZE;
rule_locs[j++] = priv->net_filters[i].fs.location; rule_locs[j++] = priv->net_filters[i].fs.location;
} }
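Review bot: the check now placed directly before `rule_locs[j++] = priv->net_filters[i].fs.location;` is the only guard on that store, and its correctness depends on it staying after both `continue` filters and immediately before the write. A one-line comment above `if (j == *rule_cnt)` stating that it bounds the store below would help keep a later reorder from reintroducing either the out-of-bounds write named in the Fixes tag or the false -EMSGSIZE this patch removes.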