summaryrefslogtreecommitdiff
path: root/drivers/net/tun.c
diff options
context:
space:
mode:
authorTeng Qi <starmiku1207184332@gmail.com>2021-11-17 06:44:53 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-12-08 10:50:12 +0300
commitdd07f8971b81ad98cc754b179b331b57f35aa1ff (patch)
tree56f6496022fee93ae1663a40162bfab1d4bf80fd /drivers/net/tun.c
parent2d95244ebcc6424b1e784ce594d2e08f4f8b3cd9 (diff)
downloadlinux-dd07f8971b81ad98cc754b179b331b57f35aa1ff.tar.xz
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
[ Upstream commit a66998e0fbf213d47d02813b9679426129d0d114 ] The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns. Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> Signed-off-by: Teng Qi <starmiku1207184332@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/net/tun.c')
0 files changed, 0 insertions, 0 deletions