[Intel-wired-lan] [PATCH net v1] i40e: fix passing tainted expression to kzalloc()

Paul Menzel pmenzel at molgen.mpg.de
Tue Mar 28 11:25:55 UTC 2023


Dear Aleksandr,


Thank you for your patch.

Am 28.03.23 um 07:41 schrieb Loktionov, Aleksandr:
> From: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
> 
> Add buff_size limit of 1280 bytes for user input value.

Why did you choose 1280 bytes and not some other number?

For the commit message summary/title you could use:

i40e: Limit expression passed to kzalloc() to 1280 bytes

> Fixes: f1143c4b0f60 ("i40e: Expose AQ debugfs hooks")
> Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
> ---
>   drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> index c9dcd6d..b10d00d 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> @@ -1356,7 +1356,7 @@ static ssize_t i40e_dbg_command_write(struct file *filp,
>   			goto command_write_done;
>   		}
>   		/* Just stub a buffer big enough in case user messed up */
> -		if (buffer_len == 0)
> +		if (buffer_len == 0 || buffer_len > 1280)
>   			buffer_len = 1280;
>   
>   		buff = kzalloc(buffer_len, GFP_KERNEL);


Kind regards,

Paul


More information about the Intel-wired-lan mailing list