bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-04-24 14:07:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

hv_netvsc: Avoid field-overflowing memcpy()

Browse source 
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Add flexible array to represent start of buf_info, improving readability
and avoid future warning where memcpy() thinks it is writing past the
end of the structure.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Kees Cook 2021-06-21 15:21:12 -07:00 committed by David S. Miller
parent 64a81b2448
commit f2fcffe392
2 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
drivers/net/hyperv/hyperv_net.h
View file

@ -1163,6 +1163,7 @@ struct rndis_set_request {
u32 info_buflen; u32 info_buflen;
u32 info_buf_offset; u32 info_buf_offset;
u32 dev_vc_handle; u32 dev_vc_handle;
u8 info_buf[];
}; };
/* Response to NdisSetRequest */ /* Response to NdisSetRequest */

6
drivers/net/hyperv/rndis_filter.c
View file

@ -1051,10 +1051,8 @@ static int rndis_filter_set_packet_filter(struct rndis_device *dev,
set = &request->request_msg.msg.set_req; set = &request->request_msg.msg.set_req;
set->oid = RNDIS_OID_GEN_CURRENT_PACKET_FILTER; set->oid = RNDIS_OID_GEN_CURRENT_PACKET_FILTER;
set->info_buflen = sizeof(u32); set->info_buflen = sizeof(u32);
set->info_buf_offset = sizeof(struct rndis_set_request); set->info_buf_offset = offsetof(typeof(*set), info_buf);
memcpy(set->info_buf, &new_filter, sizeof(u32));
memcpy((void *)(unsigned long)set + sizeof(struct rndis_set_request),
&new_filter, sizeof(u32));
ret = rndis_filter_send_request(dev, request); ret = rndis_filter_send_request(dev, request);
if (ret == 0) { if (ret == 0) {