ax88172a: fix information leak on short answers
If a malicious device gives a short MAC it can elicit up to 5 bytes of leaked memory out of the driver. We need to check for ETH_ALEN instead. Reported-by: syzbot+a8d4acdad35e6bbca308@syzkaller.appspotmail.com Signed-off-by: Oliver Neukum <oneukum@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Родитель
4d189c1026
Коммит
a9a51bd727
|
@ -196,7 +196,7 @@ static int ax88172a_bind(struct usbnet *dev, struct usb_interface *intf)
|
|||
|
||||
/* Get the MAC address */
|
||||
ret = asix_read_cmd(dev, AX_CMD_READ_NODE_ID, 0, 0, ETH_ALEN, buf, 0);
|
||||
if (ret < 0) {
|
||||
if (ret < ETH_ALEN) {
|
||||
netdev_err(dev->net, "Failed to read MAC address: %d\n", ret);
|
||||
goto free;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче