niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
commit6a6c24b6917692f826525ca5cb550f98982e39e8
authorBen Hutchings <bhutchings@solarflare.com>
Tue, 7 Sep 2010 04:35:19 +0000 (7 04:35 +0000)
committerPaul Gortmaker <paul.gortmaker@windriver.com>
Sun, 17 Apr 2011 20:16:18 +0000 (17 16:16 -0400)
treefadb6ad0982147b85f20c1418fd37972e9b3964b
parent40b77a71b25fd1ec84fdc3abc2f928a872884b10
niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL

commit ee9c5cfad29c8a13199962614b9b16f1c4137ac9 upstream.

niu_get_ethtool_tcam_all() assumes that its output buffer is the right
size, and warns before returning if it is not.  However, the output
buffer size is under user control and ETHTOOL_GRXCLSRLALL is an
unprivileged ethtool command.  Therefore this is at least a local
denial-of-service vulnerability.

Change it to check before writing each entry and to return an error if
the buffer is already full.

Compile-tested only.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
drivers/net/niu.c