From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dan Carpenter <dan.carpenter@oracle.com>
Subject: [PATCH] net/ncsi: prevent a couple array underflows
Date: Thu, 17 May 2018 15:33:36 +0300
Message-ID: <20180517123336.GB7655@mwanda>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: netdev@vger.kernel.org, Gavin Shan <gwshan@linux.vnet.ibm.com>,
        kernel-janitors@vger.kernel.org
To: "David S. Miller" <davem@davemloft.net>,
        Samuel Mendoza-Jonas <sam@mendozajonas.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from aserp2130.oracle.com ([141.146.126.79]:42400 "EHLO
        aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750779AbeEQMdy (ORCPT
        <rfc822;netdev@vger.kernel.org>); Thu, 17 May 2018 08:33:54 -0400
Content-Disposition: inline
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

We recently refactored this code and introduced a static checker
warning.  Smatch complains that if cmd->index is zero then we would
underflow the arrays.  That's obviously true.

The question is whether we prevent cmd->index from being zero at a
different level.  I've looked at the code and I don't immediately see
a check for that.

Fixes: 062b3e1b6d4f ("net/ncsi: Refactor MAC, VLAN filters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/net/ncsi/ncsi-rsp.c b/net/ncsi/ncsi-rsp.c
index ce9497966ebe..a6b7c7d5c829 100644
--- a/net/ncsi/ncsi-rsp.c
+++ b/net/ncsi/ncsi-rsp.c
@@ -347,7 +347,7 @@ static int ncsi_rsp_handler_svf(struct ncsi_request *nr)
 
 	cmd = (struct ncsi_cmd_svf_pkt *)skb_network_header(nr->cmd);
 	ncf = &nc->vlan_filter;
-	if (cmd->index > ncf->n_vids)
+	if (cmd->index == 0 || cmd->index > ncf->n_vids)
 		return -ERANGE;
 
 	/* Add or remove the VLAN filter. Remember HW indexes from 1 */
@@ -445,7 +445,8 @@ static int ncsi_rsp_handler_sma(struct ncsi_request *nr)
 	ncf = &nc->mac_filter;
 	bitmap = &ncf->bitmap;
 
-	if (cmd->index > ncf->n_uc + ncf->n_mc + ncf->n_mixed)
+	if (cmd->index == 0 ||
+	    cmd->index > ncf->n_uc + ncf->n_mc + ncf->n_mixed)
 		return -ERANGE;
 
 	index = (cmd->index - 1) * ETH_ALEN;