OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/drivers/net/ethernet/broadcom
History
Kees Cook 715230a443 tg3: fix length overflow in VPD firmware parsing 
Commit 184b89044f ("tg3: Use VPD fw version
when present") introduced VPD parsing that contained a potential length
overflow.

Limit the hardware's reported firmware string length (max 255 bytes) to
stay inside the driver's firmware string length (32 bytes). On overflow,
truncate the formatted firmware string instead of potentially overwriting
portions of the tg3 struct.

http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf

Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Oded Horovitz <oded@privatecore.com>
Reported-by: Brad Spengler <spender@grsecurity.net>
Cc: stable@vger.kernel.org
Cc: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2013-03-27 14:06:41 -04:00
..
bnx2x bnx2x: fix assignment of signed expression to unsigned variable 2013-03-24 17:27:28 -04:00
Kconfig bgmac: driver for GBit MAC core on BCMA bus 2013-01-09 23:37:03 -08:00
Makefile bgmac: driver for GBit MAC core on BCMA bus 2013-01-09 23:37:03 -08:00
b44.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into mips-for-linux-next 2013-02-22 10:07:30 +01:00
b44.h
bcm63xx_enet.c ethernet: Remove unnecessary alloc/OOM messages, alloc cleanups 2013-02-04 13:22:33 -05:00
bcm63xx_enet.h
bgmac.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-03-05 18:42:29 -08:00
bgmac.h bgmac: return error on failed PHY write 2013-02-13 13:58:18 -05:00
bnx2.c remove init of dev->perm_addr in drivers 2013-01-08 18:00:48 -08:00
bnx2.h cnic, bnx2x, bnx2: Simplify cnic probing. 2012-12-07 12:44:02 -05:00
bnx2_fw.h
cnic.c ethernet: Remove unnecessary alloc/OOM messages, alloc cleanups 2013-02-04 13:22:33 -05:00
cnic.h cnic: Include bnx2x.h 2012-12-07 12:44:02 -05:00
cnic_defs.h bnx2x,cnic: use FW 7.8.2 2012-10-01 16:43:17 -04:00
cnic_if.h cnic, bnx2x: Add CNIC_DRV_STATE_HANDLES_IRQ to ethdev->drv_state 2013-01-23 13:58:29 -05:00
sb1250-mac.c net: phy: remove flags argument from phy_{attach, connect, connect_direct} 2013-01-14 15:11:50 -05:00
tg3.c tg3: fix length overflow in VPD firmware parsing 2013-03-27 14:06:41 -04:00
tg3.h tg3: Use different macros for pci_chip_rev_id accesses 2013-02-18 12:45:53 -05:00