* [PATCH] net/ncsi: prevent a couple array underflows
@ 2018-05-17 12:33 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2018-05-17 12:33 UTC (permalink / raw)
To: David S. Miller, Samuel Mendoza-Jonas; +Cc: netdev, Gavin Shan, kernel-janitors
We recently refactored this code and introduced a static checker
warning. Smatch complains that if cmd->index is zero then we would
underflow the arrays. That's obviously true.
The question is whether we prevent cmd->index from being zero at a
different level. I've looked at the code and I don't immediately see
a check for that.
Fixes: 062b3e1b6d4f ("net/ncsi: Refactor MAC, VLAN filters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/net/ncsi/ncsi-rsp.c b/net/ncsi/ncsi-rsp.c
index ce9497966ebe..a6b7c7d5c829 100644
--- a/net/ncsi/ncsi-rsp.c
+++ b/net/ncsi/ncsi-rsp.c
@@ -347,7 +347,7 @@ static int ncsi_rsp_handler_svf(struct ncsi_request *nr)
cmd = (struct ncsi_cmd_svf_pkt *)skb_network_header(nr->cmd);
ncf = &nc->vlan_filter;
- if (cmd->index > ncf->n_vids)
+ if (cmd->index == 0 || cmd->index > ncf->n_vids)
return -ERANGE;
/* Add or remove the VLAN filter. Remember HW indexes from 1 */
@@ -445,7 +445,8 @@ static int ncsi_rsp_handler_sma(struct ncsi_request *nr)
ncf = &nc->mac_filter;
bitmap = &ncf->bitmap;
- if (cmd->index > ncf->n_uc + ncf->n_mc + ncf->n_mixed)
+ if (cmd->index == 0 ||
+ cmd->index > ncf->n_uc + ncf->n_mc + ncf->n_mixed)
return -ERANGE;
index = (cmd->index - 1) * ETH_ALEN;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] net/ncsi: prevent a couple array underflows
@ 2018-05-17 12:33 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2018-05-17 12:33 UTC (permalink / raw)
To: David S. Miller, Samuel Mendoza-Jonas; +Cc: netdev, Gavin Shan, kernel-janitors
We recently refactored this code and introduced a static checker
warning. Smatch complains that if cmd->index is zero then we would
underflow the arrays. That's obviously true.
The question is whether we prevent cmd->index from being zero at a
different level. I've looked at the code and I don't immediately see
a check for that.
Fixes: 062b3e1b6d4f ("net/ncsi: Refactor MAC, VLAN filters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/net/ncsi/ncsi-rsp.c b/net/ncsi/ncsi-rsp.c
index ce9497966ebe..a6b7c7d5c829 100644
--- a/net/ncsi/ncsi-rsp.c
+++ b/net/ncsi/ncsi-rsp.c
@@ -347,7 +347,7 @@ static int ncsi_rsp_handler_svf(struct ncsi_request *nr)
cmd = (struct ncsi_cmd_svf_pkt *)skb_network_header(nr->cmd);
ncf = &nc->vlan_filter;
- if (cmd->index > ncf->n_vids)
+ if (cmd->index = 0 || cmd->index > ncf->n_vids)
return -ERANGE;
/* Add or remove the VLAN filter. Remember HW indexes from 1 */
@@ -445,7 +445,8 @@ static int ncsi_rsp_handler_sma(struct ncsi_request *nr)
ncf = &nc->mac_filter;
bitmap = &ncf->bitmap;
- if (cmd->index > ncf->n_uc + ncf->n_mc + ncf->n_mixed)
+ if (cmd->index = 0 ||
+ cmd->index > ncf->n_uc + ncf->n_mc + ncf->n_mixed)
return -ERANGE;
index = (cmd->index - 1) * ETH_ALEN;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] net/ncsi: prevent a couple array underflows
2018-05-17 12:33 ` Dan Carpenter
@ 2018-05-17 20:28 ` David Miller
-1 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2018-05-17 20:28 UTC (permalink / raw)
To: dan.carpenter; +Cc: sam, netdev, gwshan, kernel-janitors
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 17 May 2018 15:33:36 +0300
> We recently refactored this code and introduced a static checker
> warning. Smatch complains that if cmd->index is zero then we would
> underflow the arrays. That's obviously true.
>
> The question is whether we prevent cmd->index from being zero at a
> different level. I've looked at the code and I don't immediately see
> a check for that.
>
> Fixes: 062b3e1b6d4f ("net/ncsi: Refactor MAC, VLAN filters")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Applied to net-next, thanks Dan.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] net/ncsi: prevent a couple array underflows
@ 2018-05-17 20:28 ` David Miller
0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2018-05-17 20:28 UTC (permalink / raw)
To: dan.carpenter; +Cc: sam, netdev, gwshan, kernel-janitors
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 17 May 2018 15:33:36 +0300
> We recently refactored this code and introduced a static checker
> warning. Smatch complains that if cmd->index is zero then we would
> underflow the arrays. That's obviously true.
>
> The question is whether we prevent cmd->index from being zero at a
> different level. I've looked at the code and I don't immediately see
> a check for that.
>
> Fixes: 062b3e1b6d4f ("net/ncsi: Refactor MAC, VLAN filters")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Applied to net-next, thanks Dan.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-05-17 20:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-17 12:33 [PATCH] net/ncsi: prevent a couple array underflows Dan Carpenter
2018-05-17 12:33 ` Dan Carpenter
2018-05-17 20:28 ` David Miller
2018-05-17 20:28 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.