diff mbox series

[v1,19/22] net/ixgbe/base: prevent untrusted loop bound

Message ID	666102a18ae39c8e1f0beb08640224aaff0169fc.1713964708.git.anatoly.burakov@intel.com (mailing list archive)
State	Superseded
Delegated to:	Bruce Richardson
Headers	From: Anatoly Burakov <anatoly.burakov@intel.com> To: dev@dpdk.org Cc: Dawid Zielinski <dawid.zielinski@intel.com>, vladimir.medvedkin@intel.com, bruce.richardson@intel.com Subject: [PATCH v1 19/22] net/ixgbe/base: prevent untrusted loop bound Date: Wed, 24 Apr 2024 14:21:53 +0100 Message-ID: <666102a18ae39c8e1f0beb08640224aaff0169fc.1713964708.git.anatoly.burakov@intel.com> In-Reply-To: <cover.1713964707.git.anatoly.burakov@intel.com> References: <cover.1713964707.git.anatoly.burakov@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	Update IXGBE base driver \| [v1,00/22] Update IXGBE base driver [v1,01/22] net/ixgbe/base: revert remove default advertising for x550 2.5G/5G [v1,02/22] net/ixgbe/base: fix wrong 5G link speed reported on VF [v1,03/22] net/ixgbe/base: fix PHY ID for X550 [v1,04/22] net/ixgbe/base: rename message type macros [v1,05/22] net/ixgbe/base: correct registers names to match datasheet [v1,06/22] net/ixgbe/base: introduce new mailbox API [v1,07/22] net/ixgbe/base: increase DCB BW calculation for MTU from 4088 to 9128 [v1,08/22] net/ixgbe/base: fix crash while loading driver [v1,09/22] net/ixgbe/base: improve function comments [v1,10/22] net/ixgbe/base: add fw_rst_cnt field to ixgbe_hw struct [v1,11/22] net/ixgbe/base: replace HIC with direct register access [v1,12/22] net/ixgbe/base: added link state handling [v1,13/22] net/ixgbe/base: handle -Wimplicit-fallthrough [v1,14/22] net/ixgbe/base: remove non-inclusive language [v1,15/22] net/ixgbe/base: filter out spurious link up indication [v1,16/22] net/ixgbe/base: remove circular header dependency [v1,17/22] net/ixgbe/base: add missing QV defines [v1,18/22] net/ixgbe/base: improve SWFW semaphore acquisition [v1,19/22] net/ixgbe/base: prevent untrusted loop bound [v1,20/22] net/ixgbe/base: add IXGBE_ADVTXD_MACLEN_MASK macro [v1,21/22] net/ixgbe/base: remove prototypes of unimplemented functions [v1,22/22] net/ixgbe/base: add support for E610 device

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Anatoly Burakov April 24, 2024, 1:21 p.m. UTC

  From: Dawid Zielinski <dawid.zielinski@intel.com>

Added length check against EEPROM size in words to prevent untrusted
loop bound reported by static code analysis.

Signed-off-by: Dawid Zielinski <dawid.zielinski@intel.com>
---
 drivers/net/ixgbe/base/ixgbe_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff mbox series

Patch

diff --git a/drivers/net/ixgbe/base/ixgbe_common.c b/drivers/net/ixgbe/base/ixgbe_common.c
index a19f4d715c..73b5935d88 100644
--- a/drivers/net/ixgbe/base/ixgbe_common.c
+++ b/drivers/net/ixgbe/base/ixgbe_common.c
@@ -675,7 +675,7 @@  s32 ixgbe_read_pba_string_generic(struct ixgbe_hw *hw, u8 *pba_num,
 		return ret_val;
 	}
 
-	if (length == 0xFFFF || length == 0) {
+	if (length == 0xFFFF || length == 0 || length > hw->eeprom.word_size) {
 		DEBUGOUT("NVM PBA number section invalid length\n");
 		return IXGBE_ERR_PBA_SECTION;
 	}