leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a6921dd524
linux/drivers/net/can
History
Dan Carpenter a6921dd524 can: peak_usb: add range checking in decode operations 
These values come from skb->data so Smatch considers them untrusted.  I
believe Smatch is correct but I don't have a way to test this.

The usb_if->dev[] array has 2 elements but the index is in the 0-15
range without checks.  The cfd->len can be up to 255 but the maximum
valid size is CANFD_MAX_DLEN (64) so that could lead to memory
corruption.

Fixes: 0a25e1f4f1 ("can: peak_usb: add support for PEAK new CANFD USB adapters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200813140604.GA456946@mwanda
Acked-by: Stephane Grosjean <s.grosjean@peak-system.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2020-11-03 22:30:32 +01:00
..
c_can can: c_can: reg_map_{c,d}_can: mark as __maybe_unused 2020-10-06 22:44:26 +02:00
cc770 can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
ifi_canfd treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
m_can Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-15 12:43:21 -07:00
mscan can: mscan: simplify clock enable/disable 2020-09-21 10:13:19 +02:00
peak_canfd can: peak_canfd: Remove unused macros 2020-09-21 10:13:18 +02:00
rcar treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
sja1000 can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
softing can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement 2020-10-06 22:44:03 +02:00
spi can: mcp251xfd: rename all remaining occurrence to mcp251xfd 2020-09-30 21:55:28 +02:00
usb can: peak_usb: add range checking in decode operations 2020-11-03 22:30:32 +01:00
at91_can.c can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
dev.c can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames 2020-11-03 22:30:12 +01:00
flexcan.c can: flexcan: remove ack_grp and ack_bit handling from driver 2020-10-07 23:18:33 +02:00
grcan.c can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
janz-ican3.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
Kconfig can: slcan: update dead link 2020-09-21 10:13:16 +02:00
kvaser_pciefd.c can: kvaser_pciefd: the PWM generator is running at the bus frequency of the system. 2019-09-03 10:23:57 +02:00
led.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Makefile can: kvaser_pciefd: Add driver for Kvaser PCIEcan devices 2019-07-24 10:31:53 +02:00
pch_can.c can: pch_can: use generic power management 2020-09-21 10:13:18 +02:00
rx-offload.c can: rx-offload: don't call kfree_skb() from IRQ context 2020-11-03 22:24:19 +01:00
slcan.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sun4i_can.c net: Fix return value about devm_platform_ioremap_resource() 2020-05-23 16:28:25 -07:00
ti_hecc.c can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path 2020-11-03 22:30:32 +01:00
vcan.c can: make use of preallocated can_ml_priv for per device struct can_dev_rcv_lists 2019-09-04 13:29:15 +02:00
vxcan.c can: make use of preallocated can_ml_priv for per device struct can_dev_rcv_lists 2019-09-04 13:29:15 +02:00
xilinx_can.c can: xilinx_can: handle failure cases of pm_runtime_get_sync 2020-11-03 22:30:32 +01:00