Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 1e5d182a87d547d11138f2cc185bf37125d59e67
commit1e5d182a87d547d11138f2cc185bf37125d59e67[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Thu Aug 13 17:06:04 2020 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Nov 18 18:26:24 2020 +0100
tree6c52e81c9b29698f302b0f17d68fd0b1b8dbcf21
parent919d9b622c896f8fac21faa125c4bcbceca8ddf2 [diff]
can: peak_usb: add range checking in decode operations

[ Upstream commit a6921dd524fe31d1f460c161d3526a407533b6db ]

These values come from skb->data so Smatch considers them untrusted.  I
believe Smatch is correct but I don't have a way to test this.

The usb_if->dev[] array has 2 elements but the index is in the 0-15
range without checks.  The cfd->len can be up to 255 but the maximum
valid size is CANFD_MAX_DLEN (64) so that could lead to memory
corruption.

Fixes: 0a25e1f4f185 ("can: peak_usb: add support for PEAK new CANFD USB adapters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200813140604.GA456946@mwanda
Acked-by: Stephane Grosjean <s.grosjean@peak-system.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
1 file changed
tree: 6c52e81c9b29698f302b0f17d68fd0b1b8dbcf21
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS