[Intel-wired-lan] [PATCH net v1] i40e: fix passing tainted expression to kzalloc()
Paul Menzel
pmenzel at molgen.mpg.de
Tue Mar 28 11:25:55 UTC 2023
Dear Aleksandr,
Thank you for your patch.
Am 28.03.23 um 07:41 schrieb Loktionov, Aleksandr:
> From: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
>
> Add buff_size limit of 1280 bytes for user input value.
Why did you choose 1280 bytes and not some other number?
For the commit message summary/title you could use:
i40e: Limit expression passed to kzalloc() to 1280 bytes
> Fixes: f1143c4b0f60 ("i40e: Expose AQ debugfs hooks")
> Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
> ---
> drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> index c9dcd6d..b10d00d 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> @@ -1356,7 +1356,7 @@ static ssize_t i40e_dbg_command_write(struct file *filp,
> goto command_write_done;
> }
> /* Just stub a buffer big enough in case user messed up */
> - if (buffer_len == 0)
> + if (buffer_len == 0 || buffer_len > 1280)
> buffer_len = 1280;
>
> buff = kzalloc(buffer_len, GFP_KERNEL);
Kind regards,
Paul
More information about the Intel-wired-lan
mailing list