OpenCloudOS-Kernel/drivers/char/ipmi
Dan Carpenter fa6950e4da ipmi: ssif_bmc: prevent integer overflow on 32bit systems
[ Upstream commit 0627cef36145c9ff9845bdfd7ddf485bbac1f981 ]

There are actually two bugs here.  First, we need to ensure that count
is at least sizeof(u32) or msg.len will be uninitialized data.

The "msg.len" variable is a u32 that comes from the user.  On 32bit
systems the "sizeof_field(struct ipmi_ssif_msg, len) + msg.len"
addition can overflow if "msg.len" is greater than U32_MAX - 4.

Valid lengths for "msg.len" are 1-254.  Add a check for that to
prevent the integer overflow.

Fixes: dd2bc5cc9e ("ipmi: ssif_bmc: Add SSIF BMC driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Message-Id: <1431ca2e-4e9c-4520-bfc0-6879313c30e9@moroto.mountain>
Signed-off-by: Corey Minyard <corey@minyard.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-03 08:53:48 +02:00
Kconfig ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it 2023-03-02 16:14:15 -06:00
Makefile ipmi: ssif_bmc: Add SSIF BMC driver 2022-10-17 09:51:26 -05:00
bt-bmc.c ipmi: bt: Add ast2600 compatible string 2021-10-07 14:02:45 -05:00
ipmb_dev_int.c ipmi: Switch i2c drivers back to use .probe() 2023-05-25 18:48:06 -05:00
ipmi_bt_sm.c ipmi: Clean up some printks 2020-09-15 09:57:45 -05:00
ipmi_devintf.c ipmi: make ipmi_class a static const structure 2023-06-20 09:49:08 -05:00
ipmi_dmi.c ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_dmi.h ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_ipmb.c ipmi: Switch i2c drivers back to use .probe() 2023-05-25 18:48:06 -05:00
ipmi_kcs_sm.c ipmi: fix msg stack when IPMI is disconnected 2022-10-17 09:51:27 -05:00
ipmi_msghandler.c ipmi: fix use after free in _ipmi_destroy_user() 2022-11-15 08:14:29 -06:00
ipmi_plat_data.c ipmi: Handle device properties with software node API 2021-03-10 19:00:02 -06:00
ipmi_plat_data.h ipmi: Add the i2c-addr property for SSIF interfaces 2019-04-24 09:02:53 -05:00
ipmi_powernv.c ipmi:powernv: Convert ipmi_smi_t to struct ipmi_smi 2018-09-18 16:15:33 -05:00
ipmi_poweroff.c ipmi: simplify sysctl registration 2023-03-02 16:16:37 -06:00
ipmi_si.h parisc: Make struct parisc_driver::remove() return void 2021-08-30 10:18:25 +02:00
ipmi_si_hardcode.c ipmi_si: Join string literals back 2021-04-02 12:53:42 -05:00
ipmi_si_hotmod.c ipmi_si: Join string literals back 2021-04-02 12:53:42 -05:00
ipmi_si_intf.c ipmi_si: fix a memleak in try_smi_init() 2023-06-29 08:06:45 -05:00
ipmi_si_mem_io.c ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_si_parisc.c parisc: Make struct parisc_driver::remove() return void 2021-08-30 10:18:25 +02:00
ipmi_si_pci.c ipmi_si: Join string literals back 2021-04-02 12:53:42 -05:00
ipmi_si_platform.c ipmi_si: fix -Wvoid-pointer-to-enum-cast warning 2023-08-15 15:46:06 -05:00
ipmi_si_port_io.c ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_si_sm.h ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_smic_sm.c ipmi: Clean up some printks 2020-09-15 09:57:45 -05:00
ipmi_ssif.c ipmi: Change request_module to request_module_nowait 2023-06-20 09:59:53 -05:00
ipmi_watchdog.c ipmi_watchdog: Fix read syscall not responding to signals during sleep 2023-05-18 17:31:31 -05:00
kcs_bmc.c ipmi: fix potential deadlock on &kcs_bmc->lock 2023-07-04 09:22:45 -05:00
kcs_bmc.h ipmi: kcs_bmc: Allow clients to control KCS IRQ state 2021-06-21 19:50:28 -05:00
kcs_bmc_aspeed.c ipmi: Explicitly include correct DT includes 2023-08-28 13:36:24 -05:00
kcs_bmc_cdev_ipmi.c ipmi: Add __init/__exit annotations to module init/exit funcs 2022-09-22 10:55:46 -05:00
kcs_bmc_client.h ipmi: kcs_bmc: Allow clients to control KCS IRQ state 2021-06-21 19:50:28 -05:00
kcs_bmc_device.h ipmi: kcs_bmc: Allow clients to control KCS IRQ state 2021-06-21 19:50:28 -05:00
kcs_bmc_npcm7xx.c ipmi: kcs_bmc: Enable IBF on open 2021-06-21 19:50:28 -05:00
kcs_bmc_serio.c ipmi: Add __init/__exit annotations to module init/exit funcs 2022-09-22 10:55:46 -05:00
ssif_bmc.c ipmi: ssif_bmc: prevent integer overflow on 32bit systems 2024-08-03 08:53:48 +02:00