Skip to content

Commit

Permalink
ax88172a: fix information leak on short answers
Browse files Browse the repository at this point in the history 
If a malicious device gives a short MAC it can elicit up to
5 bytes of leaked memory out of the driver. We need to check for
ETH_ALEN instead.

Reported-by: syzbot+a8d4acdad35e6bbca308@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Oliver Neukum authored and David S. Miller committed Nov 15, 2019
1 parent 4d189c1 commit a9a51bd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/net/usb/ax88172a.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@ static int ax88172a_bind(struct usbnet *dev, struct usb_interface *intf)

/* Get the MAC address */
ret = asix_read_cmd(dev, AX_CMD_READ_NODE_ID, 0, 0, ETH_ALEN, buf, 0);
if (ret < 0) {
if (ret < ETH_ALEN) {
netdev_err(dev->net, "Failed to read MAC address: %d\n", ret);
goto free;
}
Expand Down

0 comments on commit a9a51bd

Please sign in to comment.