Re: [RFC PATCH] netxen_nic: null-terminate serial number string in netxen_check_options()

From: David Miller
Date: Wed Apr 26 2017 - 14:38:39 EST

Next message: David Miller: "Re: [PATCH v2] macsec: dynamically allocate space for sglist"
Previous message: David Miller: "Re: [PATCH v1] net: phy: fix auto-negotiation stall due to unavailable interrupt"
In reply to: Jerome Marchand: "[RFC PATCH] netxen_nic: null-terminate serial number string in netxen_check_options()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Jerome Marchand" <jmarchan@xxxxxxxxxx>
Date: Tue, 25 Apr 2017 09:42:29 +0200

> The serial_num string in netxen_check_options() is not always properly
> null-terminated. I couldn't find the documention on the serial number
> format and I suspect a proper integer to string conversion is in
> order, but this patch a least prevents the out-of-bound access.
>
> It solves the following kasan warning:
...
> @@ -842,7 +842,7 @@ netxen_check_options(struct netxen_adapter *adapter)
> {
> u32 fw_major, fw_minor, fw_build, prev_fw_version;
> char brd_name[NETXEN_MAX_SHORT_NAME];
> - char serial_num[32];
> + char serial_num[33];
> int i, offset, val, err;
> __le32 *ptr32;
> struct pci_dev *pdev = adapter->pdev;

Another problem is that the serial_num array is only 4-byte aligned by
accident. Steps are necessary to make sure the ptr32 assignments don't
take unaligned traps.

Something like:

union {
char buf[33];
__le32 dummy;
} serial_num;

Next message: David Miller: "Re: [PATCH v2] macsec: dynamically allocate space for sglist"
Previous message: David Miller: "Re: [PATCH v1] net: phy: fix auto-negotiation stall due to unavailable interrupt"
In reply to: Jerome Marchand: "[RFC PATCH] netxen_nic: null-terminate serial number string in netxen_check_options()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]