Commit e9904990 authored by Colin Ian King's avatar Colin Ian King Committed by David S. Miller

sfc: fix an off-by-one compare on an array size

encap_type should be checked to see if it is greater or equal to
the size of array map to fix an off-by-one array size check. This
fixes an array overrun read as detected by static analysis by
CoverityScan, CID#1398883 ("Out-of-bounds-read")

Fixes: 9b410801 ("sfc: insert catch-all filters for encapsulated traffic")
Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
Acked-by: default avatarEdward Cree <ecree@solarflare.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 1bae6c99
...@@ -5080,7 +5080,7 @@ static int efx_ef10_filter_insert_def(struct efx_nic *efx, ...@@ -5080,7 +5080,7 @@ static int efx_ef10_filter_insert_def(struct efx_nic *efx,
/* quick bounds check (BCAST result impossible) */ /* quick bounds check (BCAST result impossible) */
BUILD_BUG_ON(EFX_EF10_BCAST != 0); BUILD_BUG_ON(EFX_EF10_BCAST != 0);
if (encap_type > ARRAY_SIZE(map) || map[encap_type] == 0) { if (encap_type >= ARRAY_SIZE(map) || map[encap_type] == 0) {
WARN_ON(1); WARN_ON(1);
return -EINVAL; return -EINVAL;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment