diff options
author | Anssi Hannula <anssi.hannula@bitwise.fi> | 2017-02-14 19:11:44 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-02-15 12:18:33 -0500 |
commit | cd224553641848dd17800fe559e4ff5d208553e8 (patch) | |
tree | e0c82bf644515f25f6a4f1e612b706ca7388dc76 /crypto/rng.c | |
parent | 5463b3d043826ff8ef487edbd1ef1bfffb677437 (diff) |
net: xilinx_emaclite: fix receive buffer overflow
xilinx_emaclite looks at the received data to try to determine the
Ethernet packet length but does not properly clamp it if
proto_type == ETH_P_IP or 1500 < proto_type <= 1518, causing a buffer
overflow and a panic via skb_panic() as the length exceeds the allocated
skb size.
Fix those cases.
Also add an additional unconditional check with WARN_ON() at the end.
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Fixes: bb81b2ddfa19 ("net: add Xilinx emac lite device driver")
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'crypto/rng.c')
0 files changed, 0 insertions, 0 deletions