From: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
To: davem@davemloft.net
Cc: Colin Ian King <colin.king@canonical.com>,
	netdev@vger.kernel.org, nhorman@redhat.com, sassmann@redhat.com,
	jogreene@redhat.com, guru.anbalagane@oracle.com,
	Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Subject: [net-next 09/15] i40e: avoid potential null pointer dereference when assigning len
Date: Tue, 20 Sep 2016 20:43:46 -0700
Message-ID: <1474429432-102772-10-git-send-email-jeffrey.t.kirsher@intel.com>
In-Reply-To: <1474429432-102772-1-git-send-email-jeffrey.t.kirsher@intel.com>

From: Colin Ian King <colin.king@canonical.com>

There is a sanity check for desc being null in the first line of
function i40evf_debug_aq.  However, before that, aq_desc is cast from
desc, and aq_desc is being dereferenced on the assignment of len, so
this could be a potential null pointer dereference.  Fix this by moving
the initialization of len to the code block where len is being used
and hence at this point we know it is OK to dereference aq_desc.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/ethernet/intel/i40evf/i40e_common.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/i40evf/i40e_common.c b/drivers/net/ethernet/intel/i40evf/i40e_common.c
index 4db0c03..7953c13 100644
--- a/drivers/net/ethernet/intel/i40evf/i40e_common.c
+++ b/drivers/net/ethernet/intel/i40evf/i40e_common.c
@@ -302,7 +302,6 @@ void i40evf_debug_aq(struct i40e_hw *hw, enum i40e_debug_mask mask, void *desc,
 		   void *buffer, u16 buf_len)
 {
 	struct i40e_aq_desc *aq_desc = (struct i40e_aq_desc *)desc;
-	u16 len = le16_to_cpu(aq_desc->datalen);
 	u8 *buf = (u8 *)buffer;
 	u16 i = 0;
 
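
Review bot: the commit message calls this a "potential" dereference but does not say whether any caller can actually pass a NULL desc or whether this came from static analysis; since the removed initializer le16_to_cpu(aq_desc->datalen) was the only read through desc in these declarations, a sentence on reachability would help decide whether the fix needs backporting. The remaining initializers for aq_desc and buf only cast the pointers and do not read through them, so nothing else in this hunk needs to move.
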
@@ -326,6 +325,8 @@ void i40evf_debug_aq(struct i40e_hw *hw, enum i40e_debug_mask mask, void *desc,
 		   le32_to_cpu(aq_desc->params.external.addr_low));
 
 	if ((buffer != NULL) && (aq_desc->datalen != 0)) {
+		u16 len = le16_to_cpu(aq_desc->datalen);
+
 		i40e_debug(hw, mask, "AQ CMD Buffer:\n");
 		if (buf_len < len)
 			len = buf_len;
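
Review bot: in the new block, len is initialized from aq_desc->datalen and then immediately clamped by the following "if (buf_len < len) len = buf_len;", so the two steps could be a single initializer such as "u16 len = min_t(u16, buf_len, le16_to_cpu(aq_desc->datalen));", which keeps the bound on the buffer dump next to the declaration. Note also that the context line above already reads aq_desc->params.external.addr_low, so what makes the dereference safe here is the early NULL check on desc described in the commit message (not visible in this hunk), not the "buffer != NULL" condition; the commit message wording "at this point we know it is OK" would be clearer if it named that check.
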
-- 
2.7.4
