mirror of
https://github.com/torvalds/linux.git
synced 2024-11-13 07:31:45 +00:00
47cd3770e3
There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of them directly converts the nlattr to specific pointer of structure without length checking. This could be dangerous as those attributes are not validated and a malformed nlattr (e.g., length 0) could result in an OOB read that leaks heap dirty data. Add the nla_len check before accessing the nlattr data and return EINVAL if the length check fails. Fixes: |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
ql4_83xx.c | ||
ql4_83xx.h | ||
ql4_attr.c | ||
ql4_bsg.c | ||
ql4_bsg.h | ||
ql4_dbg.c | ||
ql4_dbg.h | ||
ql4_def.h | ||
ql4_fw.h | ||
ql4_glbl.h | ||
ql4_init.c | ||
ql4_inline.h | ||
ql4_iocb.c | ||
ql4_isr.c | ||
ql4_mbx.c | ||
ql4_nvram.c | ||
ql4_nvram.h | ||
ql4_nx.c | ||
ql4_nx.h | ||
ql4_os.c | ||
ql4_version.h |