summaryrefslogtreecommitdiff
path: root/drivers/net/usb
diff options
context:
space:
mode:
authorOliver Neukum <oneukum@suse.com>2019-11-14 13:16:01 +0300
committerDavid S. Miller <davem@davemloft.net>2019-11-15 23:18:45 +0300
commita9a51bd727d141a67b589f375fe69d0e54c4fe22 (patch)
treee3b6e6e089f5dc283edef8a559138838fd634e48 /drivers/net/usb
parent4d189c1026fac6af922e16538fb7c653bbeed778 (diff)
downloadlinux-a9a51bd727d141a67b589f375fe69d0e54c4fe22.tar.xz
ax88172a: fix information leak on short answers
If a malicious device gives a short MAC it can elicit up to 5 bytes of leaked memory out of the driver. We need to check for ETH_ALEN instead. Reported-by: syzbot+a8d4acdad35e6bbca308@syzkaller.appspotmail.com Signed-off-by: Oliver Neukum <oneukum@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/usb')
-rw-r--r--drivers/net/usb/ax88172a.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/usb/ax88172a.c b/drivers/net/usb/ax88172a.c
index 011bd4cb546e..af3994e0853b 100644
--- a/drivers/net/usb/ax88172a.c
+++ b/drivers/net/usb/ax88172a.c
@@ -196,7 +196,7 @@ static int ax88172a_bind(struct usbnet *dev, struct usb_interface *intf)
/* Get the MAC address */
ret = asix_read_cmd(dev, AX_CMD_READ_NODE_ID, 0, 0, ETH_ALEN, buf, 0);
- if (ret < 0) {
+ if (ret < ETH_ALEN) {
netdev_err(dev->net, "Failed to read MAC address: %d\n", ret);
goto free;
}