linux_dsm_epyc7002/drivers/net
Kees Cook 715230a443 tg3: fix length overflow in VPD firmware parsing
Commit 184b89044f ("tg3: Use VPD fw version
when present") introduced VPD parsing that contained a potential length
overflow.

Limit the hardware's reported firmware string length (max 255 bytes) to
stay inside the driver's firmware string length (32 bytes). On overflow,
truncate the formatted firmware string instead of potentially overwriting
portions of the tg3 struct.

http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf

Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Oded Horovitz <oded@privatecore.com>
Reported-by: Brad Spengler <spender@grsecurity.net>
Cc: stable@vger.kernel.org
Cc: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-27 14:06:41 -04:00
..
appletalk
arcnet
bonding bonding: remove already created master sysfs link on failure 2013-03-26 13:00:02 -04:00
caif tty/serial patches for 3.9-rc1 2013-02-21 13:41:04 -08:00
can tty/serial patches for 3.9-rc1 2013-02-21 13:41:04 -08:00
cris ethtool: fix drvinfo strings set in drivers 2013-01-06 21:06:31 -08:00
dsa DSA: Convert spaces to tabs where appropriate 2013-01-10 00:04:34 -08:00
ethernet tg3: fix length overflow in VPD firmware parsing 2013-03-27 14:06:41 -04:00
fddi
hamradio tty/serial patches for 3.9-rc1 2013-02-21 13:41:04 -08:00
hippi rrunner.c: fix possible memory leak in rr_init_one() 2013-03-10 16:42:23 -04:00
hyperv Char/Misc driver patches for 3.9-rc1 2013-02-21 13:57:13 -08:00
ieee802154 ieee802154: at86rf230: Remove empty suspend/resume callbacks 2013-02-15 15:35:34 -05:00
irda Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-02-21 17:40:58 -08:00
phy net/phy: micrel: Disable asymmetric pause for KSZ9021 2013-02-28 15:37:30 -05:00
plip
ppp ppp: convert to idr_alloc() 2013-02-27 19:10:18 -08:00
slip tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
team team: unsyc the devices addresses when port is removed 2013-03-07 16:35:57 -05:00
usb net: cdc_ncm, cdc_mbim: allow user to prefer NCM for backwards compatibility 2013-03-17 11:59:03 -04:00
vmxnet3 vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev 2013-03-07 16:10:47 -05:00
wan Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-02-20 18:58:50 -08:00
wireless rtlwifi: usb: add missing freeing of skbuff 2013-03-18 15:20:38 -04:00
xen-netback Revert "xen: netback: remove redundant xenvif_put" 2013-02-19 13:04:34 -05:00
dummy.c dummy: implement carrier change 2012-12-28 15:24:19 -08:00
eql.c
ifb.c ifb: dont hard code inet_net use 2013-01-14 15:13:39 -05:00
Kconfig Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-26 11:44:11 -08:00
LICENSE.SRC
loopback.c net: loopback: fix a dst refcounting issue 2013-01-27 01:30:35 -05:00
macvlan.c macvlan: Set IFF_UNICAST_FLT flag to prevent unnecessary promisc mode. 2013-03-07 16:36:59 -05:00
macvtap.c macvtap: convert to idr_alloc() 2013-02-27 19:10:18 -08:00
Makefile net: Add support for NTB virtual ethernet device 2013-01-17 19:11:14 -08:00
mdio.c
mii.c
netconsole.c netconsole: don't call __netpoll_cleanup() while atomic 2013-03-12 06:58:55 -04:00
ntb_netdev.c ntb_netdev: Update Version 2013-01-20 15:48:14 -08:00
rionet.c ethtool: fix drvinfo strings set in drivers 2013-01-06 21:06:31 -08:00
sb1000.c
Space.c drivers/net: delete old x86 variant of the seeq8005 driver 2013-01-22 10:39:56 -05:00
sungem_phy.c
tun.c tun: add a missing nf_reset() in tun_net_xmit() 2013-03-06 16:05:00 -05:00
veth.c veth: fix NULL dereference in veth_dellink() 2013-02-10 20:41:43 -05:00
virtio_net.c All trivial, thanks to the stuff which didn't quite make it time. 2013-02-26 14:49:12 -08:00
vxlan.c vxlan: fix oops when delete netns containing vxlan 2013-03-07 16:12:51 -05:00
xen-netfront.c xen/netfront: improve truesize tracking 2013-01-07 19:51:19 -08:00