mirror-linux/drivers/fwctl
Heechan Kang e753773502 fwctl: pds: Validate RPC input size before parsing
The fwctl core allocates the device-specific RPC input buffer with
fwctl_rpc.in_len and passes that buffer to the driver callback.

pdsfc_fw_rpc() casts the buffer to struct fwctl_rpc_pds and then calls
pdsfc_validate_rpc(), which reads fields from that structure before
checking that the input buffer is large enough to contain it. A short
in_len can make pds_fwctl read beyond the allocation.

Reject pds RPC buffers that are smaller than struct fwctl_rpc_pds before
parsing any pds-specific fields.

Fixes: 92c66ee829 ("pds_fwctl: add rpc and query support")
Link: https://patch.msgid.link/r/20260517062232.1858747-1-gganji11@naver.com
Cc: stable@vger.kernel.org # v6.15+
Signed-off-by: Heechan Kang <gganji11@naver.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2026-05-19 10:44:32 -03:00
bnxt fwctl/bnxt_fwctl: Add bnxt fwctl device 2026-03-31 13:33:54 -03:00
mlx5 Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pds fwctl: pds: Validate RPC input size before parsing 2026-05-19 10:44:32 -03:00
Kconfig fwctl/bnxt_fwctl: Add bnxt fwctl device 2026-03-31 13:33:54 -03:00
Makefile fwctl/bnxt_fwctl: Add bnxt fwctl device 2026-03-31 13:33:54 -03:00
main.c fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal 2026-04-10 11:21:06 -03:00