* ethtool 5.2 qsfp.c heap buffer overflow
@ 2019-09-24 7:41 Qiwei Wen
0 siblings, 0 replies; only message in thread
From: Qiwei Wen @ 2019-09-24 7:41 UTC (permalink / raw)
To: netdev
Hi,
The function "sff8636_dom_parse", called from "sff8636_show_dom",
disregards the module eeprom size returned from the driver and assumes
the existence of upper pages, e.g.
sd->sfp_temp[HALRM] = SFF8636_OFFSET_TO_TEMP(SFF8636_TEMP_HALRM);
To reproduce: return ETH_MODULE_SFF_8636_LEN (256) for module eeprom
length in NIC driver, compile ethtool 5.2 with clang and address
sanitizer linked in, run ethtool -m.
Best regards,
Dave
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-09-24 7:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-24 7:41 ethtool 5.2 qsfp.c heap buffer overflow Qiwei Wen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).