Re: [PATCH net-next] bnx2x: initialize ethtool info->fw_version before use

From: Jakub Kicinski
Date: Mon Nov 18 2019 - 17:21:38 EST

Next message: Rob Herring: "Re: [PATCH] dt-bindings: clock: Move ti-dra7-atl.h to dt-bindigs/clock"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH v2] perf tools: report initial event parsing error"
In reply to: Jonathan Toppins: "[PATCH net-next] bnx2x: initialize ethtool info->fw_version before use"
Next in thread: David Miller: "Re: [PATCH net-next] bnx2x: initialize ethtool info->fw_version before use"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 18 Nov 2019 12:07:53 -0500, Jonathan Toppins wrote:
> If the info->fw_version has garbage in the buffer this can lead to a BUG()
> being generated in strlcat() due to the use of strlen(). Initialize the
> buffer before use.
>
> The use of a systemtap script can demonstrate the problem by injecting
> garbage into fw_version:

> @@ -1111,6 +1111,8 @@ static void bnx2x_get_drvinfo(struct net_device *dev,
> int ext_dev_info_offset;
> u32 mbi;
>
> + info->fw_version[0] = 0;
> +
> strlcpy(info->driver, DRV_MODULE_NAME, sizeof(info->driver));
> strlcpy(info->version, DRV_MODULE_VERSION, sizeof(info->version));

I don't know systemtap, so it's very unclear what you're trying to fix
here. Setting random fields of info to 0 seems pointless as the entire
structure is zeroed before the call in ethtool_get_drvinfo().

Please explain.

Next message: Rob Herring: "Re: [PATCH] dt-bindings: clock: Move ti-dra7-atl.h to dt-bindigs/clock"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH v2] perf tools: report initial event parsing error"
In reply to: Jonathan Toppins: "[PATCH net-next] bnx2x: initialize ethtool info->fw_version before use"
Next in thread: David Miller: "Re: [PATCH net-next] bnx2x: initialize ethtool info->fw_version before use"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]