diff options
author | Anssi Hannula <anssi.hannula@bitwise.fi> | 2017-05-24 01:53:29 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-06-17 04:41:49 (GMT) |
commit | a2901d01a6c7aac1b1e0603bc7d8fce448760195 (patch) | |
tree | 6e3b06d33f5d4cfde8be79ebdae461c0ee4a71ef /firmware/emi62/loader.HEX | |
parent | bff3001afae781cc24dc816bc3e0f9c6f6a02296 (diff) | |
download | linux-a2901d01a6c7aac1b1e0603bc7d8fce448760195.tar.xz |
net: xilinx_emaclite: fix receive buffer overflow
[ Upstream commit cd224553641848dd17800fe559e4ff5d208553e8 ]
xilinx_emaclite looks at the received data to try to determine the
Ethernet packet length but does not properly clamp it if
proto_type == ETH_P_IP or 1500 < proto_type <= 1518, causing a buffer
overflow and a panic via skb_panic() as the length exceeds the allocated
skb size.
Fix those cases.
Also add an additional unconditional check with WARN_ON() at the end.
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Fixes: bb81b2ddfa19 ("net: add Xilinx emac lite device driver")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'firmware/emi62/loader.HEX')
0 files changed, 0 insertions, 0 deletions