public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-04 00:06:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/net/can
History
Dan Carpenter a6921dd524 can: peak_usb: add range checking in decode operations 
These values come from skb->data so Smatch considers them untrusted.  I
believe Smatch is correct but I don't have a way to test this.

The usb_if->dev[] array has 2 elements but the index is in the 0-15
range without checks.  The cfd->len can be up to 255 but the maximum
valid size is CANFD_MAX_DLEN (64) so that could lead to memory
corruption.

Fixes: 0a25e1f4f1 ("can: peak_usb: add support for PEAK new CANFD USB adapters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200813140604.GA456946@mwanda
Acked-by: Stephane Grosjean <s.grosjean@peak-system.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2020-11-03 22:30:32 +01:00
..
c_can can: c_can: reg_map_{c,d}_can: mark as __maybe_unused 2020-10-06 22:44:26 +02:00
cc770 can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
ifi_canfd treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
m_can Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-15 12:43:21 -07:00
mscan can: mscan: simplify clock enable/disable 2020-09-21 10:13:19 +02:00
peak_canfd can: peak_canfd: Remove unused macros 2020-09-21 10:13:18 +02:00
rcar treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
sja1000 can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
softing can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement 2020-10-06 22:44:03 +02:00
spi can: mcp251xfd: rename all remaining occurrence to mcp251xfd 2020-09-30 21:55:28 +02:00
usb can: peak_usb: add range checking in decode operations 2020-11-03 22:30:32 +01:00
at91_can.c can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
dev.c can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames 2020-11-03 22:30:12 +01:00
flexcan.c can: flexcan: remove ack_grp and ack_bit handling from driver 2020-10-07 23:18:33 +02:00
grcan.c can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
janz-ican3.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
Kconfig can: slcan: update dead link 2020-09-21 10:13:16 +02:00
kvaser_pciefd.c
led.c
Makefile
pch_can.c can: pch_can: use generic power management 2020-09-21 10:13:18 +02:00
rx-offload.c can: rx-offload: don't call kfree_skb() from IRQ context 2020-11-03 22:24:19 +01:00
slcan.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sun4i_can.c
ti_hecc.c can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path 2020-11-03 22:30:32 +01:00
vcan.c
vxcan.c
xilinx_can.c can: xilinx_can: handle failure cases of pm_runtime_get_sync 2020-11-03 22:30:32 +01:00