If sscanf() return 0, outlen is uninitialized and used in kzalloc(),
this is unexpected. We should return -EINVAL if the string is invalid.
Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Signed-off-by: YueHaibing <[email protected]>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
index 2e0d59ca62b5..cfb1e9f18a6c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -1508,8 +1508,8 @@ static ssize_t outlen_write(struct file *filp, const char __user *buf,
return -EFAULT;
err = sscanf(outlen_str, "%d", &outlen);
- if (err < 0)
- return err;
+ if (err != 1)
+ return -EINVAL;
ptr = kzalloc(outlen, GFP_KERNEL);
if (!ptr)
--
2.17.1
On Mon, Nov 21, 2022 at 07:22:04PM +0800, YueHaibing wrote:
> If sscanf() return 0, outlen is uninitialized and used in kzalloc(),
> this is unexpected. We should return -EINVAL if the string is invalid.
>
> Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
> Signed-off-by: YueHaibing <[email protected]>
> ---
> drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Thanks,
Reviewed-by: Leon Romanovsky <[email protected]>
On 21 Nov 19:22, YueHaibing wrote:
>If sscanf() return 0, outlen is uninitialized and used in kzalloc(),
>this is unexpected. We should return -EINVAL if the string is invalid.
>
>Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
>Signed-off-by: YueHaibing <[email protected]>
>
applied to net-mlx5, thanks !