Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-10-23 13:40:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
A mirror of the official Linux kernel repository just in case
1,057,798 Commits 7 Branches 858 Tags 7 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
0fa68da72c
Go to file
Teng Qi 0fa68da72c net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() 
The definition of macro MOTO_SROM_BUG is:
  #define MOTO_SROM_BUG    (lp->active == 8 && (get_unaligned_le32(
  dev->dev_addr) & 0x00ffffff) == 0x3e0008)

and the if statement
  if (MOTO_SROM_BUG) lp->active = 0;

using this macro indicates lp->active could be 8. If lp->active is 8 and
the second comparison of this macro is false. lp->active will remain 8 in:
  lp->phy[lp->active].gep = (*p ? p : NULL); p += (2 * (*p) + 1);
  lp->phy[lp->active].rst = (*p ? p : NULL); p += (2 * (*p) + 1);
  lp->phy[lp->active].mc  = get_unaligned_le16(p); p += 2;
  lp->phy[lp->active].ana = get_unaligned_le16(p); p += 2;
  lp->phy[lp->active].fdx = get_unaligned_le16(p); p += 2;
  lp->phy[lp->active].ttm = get_unaligned_le16(p); p += 2;
  lp->phy[lp->active].mci = *p;

However, the length of array lp->phy is 8, so array overflows can occur.
To fix these possible array overflows, we first check lp->active and then
return -EINVAL if it is greater or equal to ARRAY_SIZE(lp->phy) (i.e. 8).

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Teng Qi <starmiku1207184332@gmail.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-11-18 12:03:17 +00:00
arch Linux 5.15 2021-11-12 09:23:16 +10:00
block for-5.16/drivers-2021-11-09 2021-11-09 11:24:08 -08:00
certs certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2021-11-12 12:35:46 -08:00
Documentation net,lsm,selinux: revert the security_sctp_assoc_established() hook 2021-11-14 12:21:53 +00:00
drivers net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() 2021-11-18 12:03:17 +00:00
fs Networking fixes for 5.16-rc1, including fixes from bpf, can 2021-11-11 09:49:36 -08:00
include page_pool: Revert "page_pool: disable dma mapping support..." 2021-11-18 11:29:40 +00:00
init mm: allow only SLUB on PREEMPT_RT 2021-11-11 09:34:35 -08:00
ipc ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL 2021-11-09 10:02:53 -08:00
kernel Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2021-11-16 16:53:48 -08:00
lib mm/migrate.c: remove MIGRATE_PFN_LOCKED 2021-11-11 09:34:35 -08:00
LICENSES LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes" 2021-07-15 06:31:24 -06:00
mm Linux 5.15 2021-11-12 09:23:16 +10:00
net ipv6: check return value of ipv6_skip_exthdr 2021-11-18 11:42:06 +00:00
samples samples/bpf: Fix build error due to -isystem removal 2021-11-15 20:37:20 -08:00
scripts Merge branch 'akpm' (patches from Andrew) 2021-11-09 10:11:53 -08:00
security net,lsm,selinux: revert the security_sctp_assoc_established() hook 2021-11-14 12:21:53 +00:00
sound sound fixes for 5.16-rc1 2021-11-12 12:17:30 -08:00
tools selftests: add a test case for mirred egress to ingress 2021-11-16 19:17:38 -08:00
usr initramfs: Check timestamp to prevent broken cpio archive 2021-10-24 13:48:40 +09:00
virt kvm: irqfd: avoid update unmodified entries of the routing 2021-09-30 04:27:10 -04:00
.clang-format clang-format: Update with the latest for_each macro list 2021-05-12 23:32:39 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap Merge branch 'akpm' (patches from Andrew) 2021-11-09 10:11:53 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Daniel Drake to credits 2021-09-21 08:34:58 +03:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: remove GR-everest-linux-l2@marvell.com 2021-11-16 19:07:01 -08:00
Makefile Kbuild updates for v5.16 2021-11-08 09:15:45 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.