| From foo@baz Mon 18 Nov 2019 09:16:01 AM CET |
| From: Oliver Neukum <oneukum@suse.com> |
| Date: Thu, 14 Nov 2019 11:16:01 +0100 |
| Subject: ax88172a: fix information leak on short answers |
| |
| From: Oliver Neukum <oneukum@suse.com> |
| |
| [ Upstream commit a9a51bd727d141a67b589f375fe69d0e54c4fe22 ] |
| |
| If a malicious device gives a short MAC it can elicit up to |
| 5 bytes of leaked memory out of the driver. We need to check for |
| ETH_ALEN instead. |
| |
| Reported-by: syzbot+a8d4acdad35e6bbca308@syzkaller.appspotmail.com |
| Signed-off-by: Oliver Neukum <oneukum@suse.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/net/usb/ax88172a.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/net/usb/ax88172a.c |
| +++ b/drivers/net/usb/ax88172a.c |
| @@ -208,7 +208,7 @@ static int ax88172a_bind(struct usbnet * |
| |
| /* Get the MAC address */ |
| ret = asix_read_cmd(dev, AX_CMD_READ_NODE_ID, 0, 0, ETH_ALEN, buf, 0); |
| - if (ret < 0) { |
| + if (ret < ETH_ALEN) { |
| netdev_err(dev->net, "Failed to read MAC address: %d\n", ret); |
| goto free; |
| } |
