From: Firo Yang <firogm@gmail.com>
To: davem@davemloft.net, alan@linux.intel.com
Cc: t.sailer@alumni.ethz.ch, wharms@bfs.de, andreyknvl@google.com,
linux-hams@vger.kernel.org, gregkh@linuxfoundation.org,
netdev@vger.kernel.org, thomas@osterried.de,
javier@osg.samsung.com, dhowells@redhat.com,
geliangtang@gmail.com, linux-kernel@vger.kernel.org,
Firo Yang <firogm@gmail.com>
Subject: [PATCH v3] hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
Date: Fri, 26 May 2017 22:37:38 +0800 [thread overview]
Message-ID: <20170526143738.26749-1-firogm@gmail.com> (raw)
In-Reply-To: <CAAeHK+ya2sAtLmJ0VyP6e=13OXUw98dp1WdRFU=o5+xGFGPtbQ@mail.gmail.com>
syszkaller fuzzer triggered a divide by zero, when set calibration
through ioctl().
To fix it, test 'bitrate' if it is negative or 0, just return -EINVAL.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Firo Yang <firogm@gmail.com>
---
v2->v3:
Just fix divide error and remove netif_running() test.
Refine the testing code as David Miller suggested.
v1->v2:
Change Reported-by to Andrey Konovalov.
Send it to original report thread.
v0->v1:
Reviewed by walter harms <wharms@bfs.de>.
Return ENODEV instead of EPERM if !netif_running(dev)
Check if s->par.bitrate > 0.
drivers/net/hamradio/hdlcdrv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/hamradio/hdlcdrv.c b/drivers/net/hamradio/hdlcdrv.c
index 8c3633c..97e3bc6 100644
--- a/drivers/net/hamradio/hdlcdrv.c
+++ b/drivers/net/hamradio/hdlcdrv.c
@@ -576,6 +576,8 @@ static int hdlcdrv_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
case HDLCDRVCTL_CALIBRATE:
if(!capable(CAP_SYS_RAWIO))
return -EPERM;
+ if (s->par.bitrate <= 0)
+ return -EINVAL;
if (bi.data.calibrate > INT_MAX / s->par.bitrate)
return -EINVAL;
s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16;
--
2.9.4
next prev parent reply other threads:[~2017-05-26 14:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-16 15:05 drivers/net/hamradio: divide error in hdlcdrv_ioctl Andrey Konovalov
2017-05-16 15:05 ` Andrey Konovalov
2017-05-17 20:07 ` Alan Cox
2017-05-19 0:29 ` Andrey Konovalov
2017-05-19 13:21 ` [PATCH v2] hdlcdrv: fix divide error bug if bitrate is 0 Firo Yang
2017-05-19 21:41 ` David Miller
2017-05-26 14:37 ` Firo Yang [this message]
2017-05-27 22:45 ` [PATCH v3] hdlcdrv: Fix divide by zero in hdlcdrv_ioctl David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170526143738.26749-1-firogm@gmail.com \
--to=firogm@gmail.com \
--cc=alan@linux.intel.com \
--cc=andreyknvl@google.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=geliangtang@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=javier@osg.samsung.com \
--cc=linux-hams@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=t.sailer@alumni.ethz.ch \
--cc=thomas@osterried.de \
--cc=wharms@bfs.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.