aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/files/drivers/net/phy/ar8216.c
diff options
context:
space:
mode:
authorPavel Kubelun <be.dissent@gmail.com>2016-11-28 18:10:05 +0300
committerJohn Crispin <john@phrozen.org>2016-12-01 15:47:43 +0100
commit5a69f596027ff45d9daf7c6584a8a9d4f7ea0770 (patch)
tree1ae97a06eda8aeb019ee097dff27edf0d5c1d8ed /target/linux/generic/files/drivers/net/phy/ar8216.c
parenta3454d1929abb452102ad7639ade192caf98719e (diff)
downloadupstream-5a69f596027ff45d9daf7c6584a8a9d4f7ea0770.tar.gz
upstream-5a69f596027ff45d9daf7c6584a8a9d4f7ea0770.tar.bz2
upstream-5a69f596027ff45d9daf7c6584a8a9d4f7ea0770.zip
net: ar8216: address security vulnerabilities in swconfig & ar8216
Imported from https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e1aaf7ec008a97311867f0a7d0418e4693fecfd4%5E%21/#F0 Signed-off-by: Pavel Kubelun <be.dissent@gmail.com> CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216 This patch does the following changes: *address the security vulnerabilities in both swconfig framework and in ar8216 driver (many bound check additions, and turned swconfig structure signed element into unsigned when applicable) *address a couple of whitespaces and indendation issues BUG=chrome-os-partner:33096 TEST=none Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9 Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org> Reviewed-on: https://chromium-review.googlesource.com/236490 Reviewed-by: Toshi Kikuchi <toshik@chromium.org> Commit-Queue: Toshi Kikuchi <toshik@chromium.org> Tested-by: Toshi Kikuchi <toshik@chromium.org>
Diffstat (limited to 'target/linux/generic/files/drivers/net/phy/ar8216.c')
-rw-r--r--target/linux/generic/files/drivers/net/phy/ar8216.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/target/linux/generic/files/drivers/net/phy/ar8216.c b/target/linux/generic/files/drivers/net/phy/ar8216.c
index 6c670dd75f..746d8e6c3d 100644
--- a/target/linux/generic/files/drivers/net/phy/ar8216.c
+++ b/target/linux/generic/files/drivers/net/phy/ar8216.c
@@ -536,7 +536,7 @@ ar8216_mangle_rx(struct net_device *dev, struct sk_buff *skb)
if ((buf[12 + 2] != 0x81) || (buf[13 + 2] != 0x00))
return;
- port = buf[0] & 0xf;
+ port = buf[0] & 0x7;
/* no need to fix up packets coming from a tagged source */
if (priv->vlan_tagged & (1 << port))
@@ -949,7 +949,8 @@ ar8xxx_sw_set_pvid(struct switch_dev *dev, int port, int vlan)
/* make sure no invalid PVIDs get set */
- if (vlan >= dev->vlans)
+ if (vlan < 0 || vlan >= dev->vlans ||
+ port < 0 || port >= AR8X16_MAX_PORTS)
return -EINVAL;
priv->pvid[port] = vlan;
@@ -960,6 +961,10 @@ int
ar8xxx_sw_get_pvid(struct switch_dev *dev, int port, int *vlan)
{
struct ar8xxx_priv *priv = swdev_to_ar8xxx(dev);
+
+ if (port < 0 || port >= AR8X16_MAX_PORTS)
+ return -EINVAL;
+
*vlan = priv->pvid[port];
return 0;
}
@@ -969,6 +974,10 @@ ar8xxx_sw_set_vid(struct switch_dev *dev, const struct switch_attr *attr,
struct switch_val *val)
{
struct ar8xxx_priv *priv = swdev_to_ar8xxx(dev);
+
+ if (val->port_vlan >= AR8X16_MAX_PORTS)
+ return -EINVAL;
+
priv->vlan_id[val->port_vlan] = val->value.i;
return 0;
}
@@ -996,9 +1005,13 @@ static int
ar8xxx_sw_get_ports(struct switch_dev *dev, struct switch_val *val)
{
struct ar8xxx_priv *priv = swdev_to_ar8xxx(dev);
- u8 ports = priv->vlan_table[val->port_vlan];
+ u8 ports;
int i;
+ if (val->port_vlan >= AR8X16_MAX_VLANS)
+ return -EINVAL;
+
+ ports = priv->vlan_table[val->port_vlan];
val->len = 0;
for (i = 0; i < dev->ports; i++) {
struct switch_port *p;
@@ -1378,7 +1391,7 @@ ar8xxx_sw_get_port_mib(struct switch_dev *dev,
struct ar8xxx_priv *priv = swdev_to_ar8xxx(dev);
const struct ar8xxx_chip *chip = priv->chip;
u64 *mib_stats, mib_data;
- int port;
+ unsigned int port;
int ret;
char *buf = priv->buf;
char buf1[64];
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 22:22:44 +0000