Commit cfb84070 authored by Nikita Zhandarovich's avatar Nikita Zhandarovich Committed by sanglipeng
Browse files

mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() 

stable inclusion
from stable-v5.10.179
commit b6b06c5ee333ff9ccaf4c54005263daba5673b2f
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8C809

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b6b06c5ee333ff9ccaf4c54005263daba5673b2f



--------------------------------

[ Upstream commit c0e73276 ]

Function mlxfw_mfa2_tlv_multi_get() returns NULL if 'tlv' in
question does not pass checks in mlxfw_mfa2_tlv_payload_get(). This
behaviour may lead to NULL pointer dereference in 'multi->total_len'.
Fix this issue by testing mlxfw_mfa2_tlv_multi_get()'s return value
against NULL.

Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.

Fixes: 410ed13c ("Add the mlxfw module for Mellanox firmware flash process")
Co-developed-by: default avatarNatalia Petrova <n.petrova@fintech.ru>
Signed-off-by: default avatarNikita Zhandarovich <n.zhandarovich@fintech.ru>
Reviewed-by: default avatarIdo Schimmel <idosch@nvidia.com>
Link: https://lore.kernel.org/r/20230417120718.52325-1-n.zhandarovich@fintech.ru


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent e3282a0f
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment