diff options
Diffstat (limited to 'target/linux/generic/backport-5.15/702-v5.19-32-net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch')
-rw-r--r-- | target/linux/generic/backport-5.15/702-v5.19-32-net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/target/linux/generic/backport-5.15/702-v5.19-32-net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch b/target/linux/generic/backport-5.15/702-v5.19-32-net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch new file mode 100644 index 0000000000..e3250e9284 --- /dev/null +++ b/target/linux/generic/backport-5.15/702-v5.19-32-net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch @@ -0,0 +1,25 @@ +From: Dan Carpenter <dan.carpenter@oracle.com> +Date: Thu, 26 May 2022 11:02:42 +0300 +Subject: [PATCH] net: ethernet: mtk_eth_soc: out of bounds read in + mtk_hwlro_get_fdir_entry() + +The "fsp->location" variable comes from user via ethtool_get_rxnfc(). +Check that it is valid to prevent an out of bounds read. + +Fixes: 7aab747e5563 ("net: ethernet: mediatek: add ethtool functions to configure RX flows of HW LRO") +Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + +--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c ++++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c +@@ -2230,6 +2230,9 @@ static int mtk_hwlro_get_fdir_entry(stru + struct ethtool_rx_flow_spec *fsp = + (struct ethtool_rx_flow_spec *)&cmd->fs; + ++ if (fsp->location >= ARRAY_SIZE(mac->hwlro_ip)) ++ return -EINVAL; ++ + /* only tcp dst ipv4 is meaningful, others are meaningless */ + fsp->flow_type = TCP_V4_FLOW; + fsp->h_u.tcp_ip4_spec.ip4dst = ntohl(mac->hwlro_ip[fsp->location]); |