base: prevent untrusted loop bound

Anatoly Burakov Wed, 24 Apr 2024 06:24:37 -0700

From: Dawid Zielinski <dawid.zielin...@intel.com>

Added length check against EEPROM size in words to prevent untrusted
loop bound reported by static code analysis.


Signed-off-by: Dawid Zielinski <dawid.zielin...@intel.com>
---
 drivers/net/ixgbe/base/ixgbe_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ixgbe/base/ixgbe_common.c 
b/drivers/net/ixgbe/base/ixgbe_common.c
index a19f4d715c..73b5935d88 100644
--- a/drivers/net/ixgbe/base/ixgbe_common.c
+++ b/drivers/net/ixgbe/base/ixgbe_common.c
@@ -675,7 +675,7 @@ s32 ixgbe_read_pba_string_generic(struct ixgbe_hw *hw, u8 
*pba_num,
                return ret_val;
        }
 
-       if (length == 0xFFFF || length == 0) {
+       if (length == 0xFFFF || length == 0 || length > hw->eeprom.word_size) {
                DEBUGOUT("NVM PBA number section invalid length\n");
                return IXGBE_ERR_PBA_SECTION;
        }
-- 
2.43.0

[PATCH v1 19/22] net/ixgbe/base: prevent untrusted loop bound

Reply via email to