kernel-aes67/drivers/scsi/qla4xxx
Lin Ma 47cd3770e3 scsi: qla4xxx: Add length check when parsing nlattrs
There are three places that qla4xxx parses nlattrs:

 - qla4xxx_set_chap_entry()

 - qla4xxx_iface_set_param()

 - qla4xxx_sysfs_ddb_set_param()

and each of them directly converts the nlattr to a specific pointer of
structure without length checking. This could be dangerous as those
attributes are not validated and a malformed nlattr (e.g., length 0) could
result in an OOB read that leaks heap dirty data.

Add the nla_len check before accessing the nlattr data and return EINVAL if
the length check fails.

Fixes: 26ffd7b45f ("[SCSI] qla4xxx: Add support to set CHAP entries")
Fixes: 1e9e2be3ee ("[SCSI] qla4xxx: Add flash node mgmt support")
Fixes: 00c31889f7 ("[SCSI] qla4xxx: fix data alignment and use nl helpers")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230723080053.3714534-1-linma@zju.edu.cn
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2023-07-25 21:51:04 -04:00
Kconfig
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ql4_83xx.c
ql4_83xx.h
ql4_attr.c
ql4_bsg.c
ql4_bsg.h scsi/qla4xxx: Convert to SPDX license identifiers 2020-09-16 14:31:36 +02:00
ql4_dbg.c scsi/qla4xxx: Convert to SPDX license identifiers 2020-09-16 14:31:36 +02:00
ql4_dbg.h
ql4_def.h scsi: qla4xxx: Drop redundant pci_enable_pcie_error_reporting() 2023-03-09 22:00:39 -05:00
ql4_fw.h
ql4_glbl.h
ql4_init.c
ql4_inline.h
ql4_iocb.c
ql4_isr.c scsi: qla4xxx: Remove unused 'count' variable 2023-04-02 21:48:46 -04:00
ql4_mbx.c scsi: qla4xxx: Replace all non-returning strlcpy() with strscpy() 2023-05-16 21:40:41 -04:00
ql4_nvram.c scsi/qla4xxx: Convert to SPDX license identifiers 2020-09-16 14:31:36 +02:00
ql4_nvram.h scsi/qla4xxx: Convert to SPDX license identifiers 2020-09-16 14:31:36 +02:00
ql4_nx.c
ql4_nx.h
ql4_os.c scsi: qla4xxx: Add length check when parsing nlattrs 2023-07-25 21:51:04 -04:00
ql4_version.h