Author: arybchik Date: Fri Nov 23 07:50:22 2018 New Revision: 340797 URL: https://svnweb.freebsd.org/changeset/base/340797
Log: sfxge(4): fix potential buffer overflow in Tx queue init Improve error checking to avoid a caller overflowing the MCDI request buffer if the requested TXQ size was excessively large. Submitted by: Andy Moreton <amoreton at solarflare.com> Sponsored by: Solarflare Communications, Inc. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D18067 Modified: head/sys/dev/sfxge/common/ef10_tx.c Modified: head/sys/dev/sfxge/common/ef10_tx.c ============================================================================== --- head/sys/dev/sfxge/common/ef10_tx.c Fri Nov 23 07:43:44 2018 (r340796) +++ head/sys/dev/sfxge/common/ef10_tx.c Fri Nov 23 07:50:22 2018 (r340797) @@ -70,7 +70,7 @@ efx_mcdi_init_txq( EFX_TXQ_NBUFS(enp->en_nic_cfg.enc_txq_max_ndescs)); npages = EFX_TXQ_NBUFS(size); - if (npages > MC_CMD_INIT_TXQ_IN_DMA_ADDR_MAXNUM) { + if (MC_CMD_INIT_TXQ_IN_LEN(npages) > sizeof (payload)) { rc = EINVAL; goto fail1; } _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
