From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 785A24410E;
	Thu, 30 May 2024 13:16:54 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 9DE9F40ED9;
	Thu, 30 May 2024 13:15:12 +0200 (CEST)
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9])
 by mails.dpdk.org (Postfix) with ESMTP id 783FD40ED6
 for <dev@dpdk.org>; Thu, 30 May 2024 13:14:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1717067699; x=1748603699;
 h=from:to:cc:subject:date:message-id:in-reply-to:
 references:mime-version:content-transfer-encoding;
 bh=mZl2m7YUtXSxvkJUd0oPtka1e4NgTjBDvKH+O8GquyY=;
 b=E51MZ/u0LrOQKTZaO0ptYxJ7+L/QW8yz4WsPtuZiQ5P4GKILdqjztED9
 TQ3LJckGdroTYwlBIp1q3k/A8CVUez2u/JVNFLvXugkUSwCZ6Q6oi4VKj
 fia/2FFSxLj9aGw53l3E9GhQWv6L0/ZDYZ7KJH+KEKSF/y6QAOHR50n4y
 kSn515673HVfkbqnCL+oRGJ68fX1E9T1MQFSuRakzHlGSkCmzoZryeuXB
 Zu/fg6sxgLjDV0+m1rNc6Vy6OZl00QhrZKknmZy+Ge4EzII2QJzizEP1E
 3F175Uh7HssDKpAPUl5llUVXQzk0j6boLRxR/Ywa9OOS8aJriLW4Nt0D/ w==;
X-CSE-ConnectionGUID: PfhY7xaRSU2g5lE1BoAsww==
X-CSE-MsgGUID: J6f5C0nTTmCmv2pMunneCg==
X-IronPort-AV: E=McAfee;i="6600,9927,11087"; a="36063889"
X-IronPort-AV: E=Sophos;i="6.08,201,1712646000"; d="scan'208";a="36063889"
Received: from orviesa007.jf.intel.com ([10.64.159.147])
 by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 30 May 2024 04:14:58 -0700
X-CSE-ConnectionGUID: JgwMu4FJQkWUPUR1HVhAxg==
X-CSE-MsgGUID: oyAyKk2yQw2K4tZfvNQZNQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.08,201,1712646000"; d="scan'208";a="36419448"
Received: from silpixa00401119.ir.intel.com ([10.55.129.167])
 by orviesa007.jf.intel.com with ESMTP; 30 May 2024 04:14:56 -0700
From: Anatoly Burakov <anatoly.burakov@intel.com>
To: dev@dpdk.org
Cc: Dawid Zielinski <dawid.zielinski@intel.com>, vladimir.medvedkin@intel.com,
 bruce.richardson@intel.com
Subject: [PATCH v3 18/30] net/ixgbe/base: prevent untrusted loop bound
Date: Thu, 30 May 2024 12:13:51 +0100
Message-ID: <7449366ea21b1b49e816cdf48eabc31109405f67.1717067519.git.anatoly.burakov@intel.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1717067518.git.anatoly.burakov@intel.com>
References: <cover.1714744628.git.anatoly.burakov@intel.com>
 <cover.1717067518.git.anatoly.burakov@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Dawid Zielinski <dawid.zielinski@intel.com>

Added length check against EEPROM size in words to prevent untrusted
loop bound reported by static code analysis.

Signed-off-by: Dawid Zielinski <dawid.zielinski@intel.com>
---
 drivers/net/ixgbe/base/ixgbe_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ixgbe/base/ixgbe_common.c b/drivers/net/ixgbe/base/ixgbe_common.c
index a19f4d715c..73b5935d88 100644
--- a/drivers/net/ixgbe/base/ixgbe_common.c
+++ b/drivers/net/ixgbe/base/ixgbe_common.c
@@ -675,7 +675,7 @@ s32 ixgbe_read_pba_string_generic(struct ixgbe_hw *hw, u8 *pba_num,
 		return ret_val;
 	}
 
-	if (length == 0xFFFF || length == 0) {
+	if (length == 0xFFFF || length == 0 || length > hw->eeprom.word_size) {
 		DEBUGOUT("NVM PBA number section invalid length\n");
 		return IXGBE_ERR_PBA_SECTION;
 	}
-- 
2.43.0