oce: Tighten input validation for SIOCGI2C.
ClosedPublic
Actions

Authored by markj on Dec 17 2019, 9:24 PM.

Tags

None

Referenced Files

	F148088697: D22859.diff
	Sun, Mar 15, 4:52 PM

	F148005526: D22859.id65760.diff
	Sun, Mar 15, 3:45 AM

	Unknown Object (File)
	Sat, Mar 14, 6:18 PM

	Unknown Object (File)
	Mon, Mar 9, 8:18 AM

	Unknown Object (File)
	Mon, Mar 9, 8:17 AM

	Unknown Object (File)
	Jan 22 2026, 3:32 AM

	Unknown Object (File)
	Dec 31 2025, 1:28 AM

	Unknown Object (File)
	Dec 25 2025, 1:40 AM

View All Files

Subscribers

emaste

imp

Details

Reviewers

delphij
ram

Commits

rS355885: oce: Tighten input validation in the SIOCGI2C handler.

Summary

We need to ensure that we do not read past the end of
sfp_vpd_dump_buffer. Currently it is possible to read 8 bytes beyond
its end. Note that the offset and length are uint8_t's.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Dec 17 2019, 9:24 PM

Harbormaster completed remote builds in B28204: Diff 65760.Dec 17 2019, 9:24 PM

markj added reviewers: delphij, ram.Dec 17 2019, 9:25 PM

markj added a subscriber: emaste.

The changes look good.

This revision is now accepted and ready to land.Dec 18 2019, 7:27 AM

delphij accepted this revision.Dec 18 2019, 8:27 AM

Closed by commit rS355885: oce: Tighten input validation in the SIOCGI2C handler. (authored by markj). · Explain WhyDec 18 2019, 6:44 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rS355885: oce: Tighten input validation in the SIOCGI2C handler..

Herald added a subscriber: imp. · View Herald TranscriptDec 18 2019, 6:44 PM

Revision Contents
Changeset List

Path

Size

head/

sys/

dev/

oce/

oce_if.c

17 lines

Diff 65787

View Options

oce: Tighten input validation for SIOCGI2C.ClosedPublicActions