niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity
linux/drivers/net/ethernet/cisco/enic/vnic_vic.c
Kees Cook 40b9385dd8 enic: Avoid false positive under FORTIFY_SOURCE 
FORTIFY_SOURCE has been ignoring 0-sized destinations while the kernel
code base has been converted to flexible arrays. In order to enforce
the 0-sized destinations (e.g. with __counted_by), the remaining 0-sized
destinations need to be handled. Unfortunately, struct vic_provinfo
resists full conversion, as it contains a flexible array of flexible
arrays, which is only possible with the 0-sized fake flexible array.

Use unsafe_memcpy() to avoid future false positives under
CONFIG_FORTIFY_SOURCE.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2024-02-19 10:57:27 +00:00

65 lines
1.4 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0-only
// Copyright 2010 Cisco Systems, Inc. All rights reserved.
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/slab.h>
#include "vnic_vic.h"
struct vic_provinfo *vic_provinfo_alloc(gfp_t flags, const u8 *oui,
const u8 type)
{
struct vic_provinfo *vp;
if (!oui)
return NULL;
vp = kzalloc(VIC_PROVINFO_MAX_DATA, flags);
if (!vp)
return NULL;
memcpy(vp->oui, oui, sizeof(vp->oui));
vp->type = type;
vp->length = htonl(sizeof(vp->num_tlvs));
return vp;
}
void vic_provinfo_free(struct vic_provinfo *vp)
{
kfree(vp);
}
int vic_provinfo_add_tlv(struct vic_provinfo *vp, u16 type, u16 length,
const void *value)
{
struct vic_provinfo_tlv *tlv;
if (!vp || !value)
return -EINVAL;
if (ntohl(vp->length) + offsetof(struct vic_provinfo_tlv, value) +
length > VIC_PROVINFO_MAX_TLV_DATA)
return -ENOMEM;
tlv = (struct vic_provinfo_tlv *)((u8 *)vp->tlv +
ntohl(vp->length) - sizeof(vp->num_tlvs));
tlv->type = htons(type);
tlv->length = htons(length);
unsafe_memcpy(tlv->value, value, length,
/* Flexible array of flexible arrays */);
vp->num_tlvs = htonl(ntohl(vp->num_tlvs) + 1);
vp->length = htonl(ntohl(vp->length) +
offsetof(struct vic_provinfo_tlv, value) + length);
return 0;
}
size_t vic_provinfo_size(struct vic_provinfo *vp)
{
return vp ? ntohl(vp->length) + sizeof(*vp) - sizeof(vp->num_tlvs) : 0;
}
Reference in a new issue View git blame Copy permalink