From a2def601259b21f871f4185b53f70a67d9369f69 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 17 May 2020 17:29:19 +0200 Subject: [PATCH] 4.14-stable patches added patches: net-phy-micrel-use-strlcpy-for-ethtool-get_strings.patch --- ...-use-strlcpy-for-ethtool-get_strings.patch | 37 +++++++++++++++++++ queue-4.14/series | 1 + 2 files changed, 38 insertions(+) create mode 100644 queue-4.14/net-phy-micrel-use-strlcpy-for-ethtool-get_strings.patch diff --git a/queue-4.14/net-phy-micrel-use-strlcpy-for-ethtool-get_strings.patch b/queue-4.14/net-phy-micrel-use-strlcpy-for-ethtool-get_strings.patch new file mode 100644 index 00000000000..5f9f573f279 --- /dev/null +++ b/queue-4.14/net-phy-micrel-use-strlcpy-for-ethtool-get_strings.patch @@ -0,0 +1,37 @@ +From 55f53567afe5f0cd2fd9e006b174c08c31c466f8 Mon Sep 17 00:00:00 2001 +From: Florian Fainelli +Date: Fri, 2 Mar 2018 15:08:38 -0800 +Subject: net: phy: micrel: Use strlcpy() for ethtool::get_strings + +From: Florian Fainelli + +commit 55f53567afe5f0cd2fd9e006b174c08c31c466f8 upstream. + +Our statistics strings are allocated at initialization without being +bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using +memcpy() which would create out of bounds accesses, this was flagged by +KASAN. Replace this with strlcpy() to make sure we are bound the source +buffer size and we also always NUL-terminate strings. + +Fixes: 2b2427d06426 ("phy: micrel: Add ethtool statistics counters") +Signed-off-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/phy/micrel.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/phy/micrel.c ++++ b/drivers/net/phy/micrel.c +@@ -674,8 +674,8 @@ static void kszphy_get_strings(struct ph + int i; + + for (i = 0; i < ARRAY_SIZE(kszphy_hw_stats); i++) { +- memcpy(data + i * ETH_GSTRING_LEN, +- kszphy_hw_stats[i].string, ETH_GSTRING_LEN); ++ strlcpy(data + i * ETH_GSTRING_LEN, ++ kszphy_hw_stats[i].string, ETH_GSTRING_LEN); + } + } + diff --git a/queue-4.14/series b/queue-4.14/series index 1583015ab40..2b906e153a1 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -77,3 +77,4 @@ gcc-10-disable-stringop-overflow-warning-for-now.patch gcc-10-disable-restrict-warning-for-now.patch gcc-10-avoid-shadowing-standard-library-free-in-crypto.patch x86-asm-add-instruction-suffixes-to-bitops.patch +net-phy-micrel-use-strlcpy-for-ethtool-get_strings.patch -- 2.47.3