oce: Tighten input validation for SIOCGI2C.
ClosedPublic
Actions

Authored by markj on Dec 17 2019, 9:24 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Mar 14, 10:37 PM

	Unknown Object (File)
	Fri, Mar 14, 10:05 AM

	Unknown Object (File)
	Fri, Feb 28, 6:15 PM

	Unknown Object (File)
	Feb 21 2025, 8:48 AM

	Unknown Object (File)
	Feb 9 2025, 6:49 PM

	Unknown Object (File)
	Jan 23 2025, 11:42 PM

	Unknown Object (File)
	Nov 22 2024, 8:35 AM

	Unknown Object (File)
	Nov 22 2024, 8:35 AM

View All 58 Files

Subscribers

emaste

imp

Details

Reviewers

delphij
ram

Commits

rS355885: oce: Tighten input validation in the SIOCGI2C handler.

Summary

We need to ensure that we do not read past the end of
sfp_vpd_dump_buffer. Currently it is possible to read 8 bytes beyond
its end. Note that the offset and length are uint8_t's.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Dec 17 2019, 9:24 PM

Harbormaster completed remote builds in B28204: Diff 65760.Dec 17 2019, 9:24 PM

markj added reviewers: delphij, ram.Dec 17 2019, 9:25 PM

markj added a subscriber: emaste.

The changes look good.

This revision is now accepted and ready to land.Dec 18 2019, 7:27 AM

delphij accepted this revision.Dec 18 2019, 8:27 AM

Closed by commit rS355885: oce: Tighten input validation in the SIOCGI2C handler. (authored by markj). · Explain WhyDec 18 2019, 6:44 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rS355885: oce: Tighten input validation in the SIOCGI2C handler..

Herald added a subscriber: imp. · View Herald TranscriptDec 18 2019, 6:44 PM

Revision Contents
Changeset List

Path

Size

head/

sys/

dev/

oce/

oce_if.c

17 lines

Diff 65787

View Options

oce: Tighten input validation for SIOCGI2C.ClosedPublicActions