[Intel-wired-lan] [PATCH net v1] i40e: fix passing tainted expression to kzalloc()
Loktionov, Aleksandr
aleksandr.loktionov at intel.com
Tue Mar 28 05:41:11 UTC 2023
From: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
Add buff_size limit of 1280 bytes for user input value.
Fixes: f1143c4b0f60 ("i40e: Expose AQ debugfs hooks")
Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
---
drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
index c9dcd6d..b10d00d 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
@@ -1356,7 +1356,7 @@ static ssize_t i40e_dbg_command_write(struct file *filp,
goto command_write_done;
}
/* Just stub a buffer big enough in case user messed up */
- if (buffer_len == 0)
+ if (buffer_len == 0 || buffer_len > 1280)
buffer_len = 1280;
buff = kzalloc(buffer_len, GFP_KERNEL);
--
2.31.1
More information about the Intel-wired-lan
mailing list