b=ISMJ5PvESDgqQAUykmlVwS5i1f5p48pqLssXOJrw7EqPrspaT1wR+oGIvR6qLM3K93yvfzNkPvysMyFUTQ819HP+ZM5iiJ1MDEmQV6p+hrKhSCxX482rPB3hYW3h2IHy+cuJtBdeEs5cTid1i1ZlghDWUsWz+4zT40u6/Del650= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=tpz.ru; spf=pass smtp.mailfrom=tpz.ru; arc=none smtp.client-ip=109.236.68.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=tpz.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=tpz.ru Received: from localhost (localhost [127.0.0.1]) by postmaster.electro-mail.ru (Postfix) with ESMTP id 6EFD6FFC581; Mon, 10 Nov 2025 16:45:25 +0300 (MSK) Received: from postmaster.electro-mail.ru ([127.0.0.1]) by localhost (postmaster.electro-mail.ru [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id l7jmAB_-WevC; Mon, 10 Nov 2025 16:45:25 +0300 (MSK) Received: from postmaster.electro-mail.ru (localhost [127.0.0.1]) by postmaster.electro-mail.ru (Postfix) with ESMTPS id E4BA8FFC582; Mon, 10 Nov 2025 16:45:24 +0300 (MSK) Received: from email.electro-mail.ru (unknown [10.10.0.10]) by postmaster.electro-mail.ru (Postfix) with ESMTPS id D5BCEFFC581; Mon, 10 Nov 2025 16:45:24 +0300 (MSK) Received: from lvc.d-systems.local (109.236.68.122) by email.electro-mail.ru (10.120.0.4) with Microsoft SMTP Server (TLS) id 14.3.487.0; Mon, 10 Nov 2025 16:45:23 +0300 From: Ilya Krutskih To: CC: Ilya Krutskih , , , , , , , , , , , Subject: [PATCH] net: fealnx: fixed possible out of band acces to an array Date: Mon, 10 Nov 2025 13:44:22 +0000 Message-ID: <20251110134423.432612-1-devsec@tpz.ru> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain X-KSE-ServerInfo: srv-mail-01.tpz.local, 9 X-KSE-AntiSpam-Interceptor-Info: trusted connection X-KSE-Antiphishing-Interceptor-Info: protection disabled X-KSE-Antivirus-Interceptor-Info: scan successful X-KSE-Antivirus-Info: Clean, bases: 09.10.2024 20:59:00 X-KSE-Attachment-Filter-Scan-Result: Clean X-KSE-Attachment-Filter-Scan-Result: skipped Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.5 (/) X-Spam-Report: Spam detection software, running on the system "witcher.mxrouting.net", has performed the tests listed below against this email. Information: https://mxroutedocs.com/directadmin/spamfilters/ --- Content analysis details: (0.5 points) --- pts rule name description ---- ---------------------- ----------------------------------------- 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block for more information. [139.178.88.99 listed in list.dnswl.org] 1.5 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager SpamTally: Final spam score: 5 fixed possible out of band access to an array=20 If the fealnx_init_one() function is called more than MAX_UNITS times=20 or card_idx is less than zero Added a check: 0 <=3D card_idx < MAX_UNITS Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Ilya Krutskih --- drivers/net/ethernet/fealnx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.= c index 6ac8547ef9b8..c7f2141a01fe 100644 --- a/drivers/net/ethernet/fealnx.c +++ b/drivers/net/ethernet/fealnx.c @@ -491,8 +491,8 @@ static int fealnx_init_one(struct pci_dev *pdev, =20 card_idx++; sprintf(boardname, "fealnx%d", card_idx); - - option =3D card_idx < MAX_UNITS ? options[card_idx] : 0; + if (card_idx >=3D 0) + option =3D card_idx < MAX_UNITS ? options[card_idx] : 0; =20 i =3D pci_enable_device(pdev); if (i) return i; @@ -623,7 +623,7 @@ static int fealnx_init_one(struct pci_dev *pdev, np->default_port =3D option & 15; } =20 - if (card_idx < MAX_UNITS && full_duplex[card_idx] > 0) + if ((0 <=3D card_idx && MAX_UNITS > card_idx) && full_duplex[card_idx] = > 0) np->mii.full_duplex =3D full_duplex[card_idx]; =20 if (np->mii.full_duplex) { --=20 2.43.0 From - Mon Nov 10 14:02:33 2025 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Delivered-To: hi@josie.lol Received: from witcher.mxrouting.net by witcher.mxrouting.net with LMTP id 8JyAAXbwEWniUgwAYBR5ng (envelope-from ) for ; Mon, 10 Nov 2025 14:02:30 +0000 Return-path: Envelope-to: hi@josie.lol Delivery-date: Mon, 10 Nov 2025 14:02:30 +0000 Received: from dfw.mirrors.kernel.org ([142.0.200.124]) by witcher.mxrouting.net with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.98) (envelope-from ) id 1vISTV-00000006Mt5-31dp for hi@josie.lol; Mon, 10 Nov 2025 14:02:29 +0000 Received: from smtp.subspace.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.mirrors.kernel.org (Postfix) with ESMTPS id 5BFFE4E6FEF for ; Mon, 10 Nov 2025 14:02:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0A32830FC0D; Mon, 10 Nov 2025 14:02:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="beqHn+dE" X-Original-To: linux-s390@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD210228CBC; Mon, 10 Nov 2025 14:02:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762783336; cv=none; b=qzRzWKWZWKrnXMhhUrgHniWmvMhBSYVpvkVJLTXTO+4dy1W39ZlsR9HxqeM0pmprnqBUj2q6dzC8stzyhjO+RtzZ537X3r2wyFMdxz617pXfnR9okFeEtQA9KwodCvFXqOjdba17Ppwvejc42MIAdAKKgKH0LRKFKgTmE/QyWwY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762783336; c=relaxed/simple; bh=kRwsXVFv1McQ3Dvj5cuxK3qdGt6Zp8GEmPh7L11Pq6c=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=LHartHoHZUupQ54qCOH7gYH9WevRpfrptYVxy27IXit6uJ6MXH5zLcuPQDk2fZmqaAmPiUGqpIV0bpv1les1uNrMQII2iwyxiPHZngJPDnLnKZJGdjFkLxIp1AtW56QNtNG9enmK0JgOmfZFHE33wNVF/DuBo09SKW6+1ALWeAI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=beqHn+dE; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 803D7C19422; Mon, 10 Nov 2025 14:02:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1762783336; bh=kRwsXVFv1McQ3Dvj5cuxK3qdGt6Zp8GEmPh7L11Pq6c=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=beqHn+dEFMF6TBBtFIUbQk20e2un"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); const resolve_1 = require("./resolve"); class MissingRefError extends Error { constructor(resolver, baseId, ref, msg) { super(msg || `can't resolve reference ${ref} from id ${baseId}`); this.missingRef = (0, resolve_1.resolveUrl)(resolver, baseId, ref); this.missingSchema = (0, resolve_1.normalizeId)((0, resolve_1.getFullPath)(resolver, this.missingRef)); } } exports.default = MissingRefError; //# sourceMappingURL=ref_error.js.map