oce: Tighten input validation for SIOCGI2C.
ClosedPublic
Actions

Authored by markj on Dec 17 2019, 9:24 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Apr 25, 11:48 PM

	Unknown Object (File)
	Mar 10 2024, 6:51 AM

	Unknown Object (File)
	Feb 29 2024, 3:52 AM

	Unknown Object (File)
	Feb 13 2024, 12:59 AM

	Unknown Object (File)
	Jan 19 2024, 12:37 PM

	Unknown Object (File)
	Dec 20 2023, 7:47 AM

	Unknown Object (File)
	Dec 10 2023, 2:30 PM

	Unknown Object (File)
	Nov 17 2023, 8:19 AM

View All 27 Files

Subscribers

emaste

imp

Details

Reviewers

delphij
ram

Commits

rS355885: oce: Tighten input validation in the SIOCGI2C handler.

Summary

We need to ensure that we do not read past the end of
sfp_vpd_dump_buffer. Currently it is possible to read 8 bytes beyond
its end. Note that the offset and length are uint8_t's.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Dec 17 2019, 9:24 PM

Harbormaster completed remote builds in B28204: Diff 65760.Dec 17 2019, 9:24 PM

markj added reviewers: delphij, ram.Dec 17 2019, 9:25 PM

markj added a subscriber: emaste.

The changes look good.

This revision is now accepted and ready to land.Dec 18 2019, 7:27 AM

delphij accepted this revision.Dec 18 2019, 8:27 AM

Closed by commit rS355885: oce: Tighten input validation in the SIOCGI2C handler. (authored by markj). · Explain WhyDec 18 2019, 6:44 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rS355885: oce: Tighten input validation in the SIOCGI2C handler..

Herald added a subscriber: imp. · View Herald TranscriptDec 18 2019, 6:44 PM

Revision Contents
Changeset List

Path

Size

head/

sys/

dev/

oce/

oce_if.c

17 lines

Diff 65787

View Options

oce: Tighten input validation for SIOCGI2C.ClosedPublicActions