From: Colin King <colin.king@xxxxxxxxxxxxx>
Date: Wed, 19 Jul 2017 18:46:59 +0100

> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The array data is only populated with valid information from userspace
> if cmd != SIOCDEVPRIVATE, in other cases the array contains garbage on
> the stack. The subsequent switch statement acts on a subcommand in
> data[0] which could be any garbage value if cmd is SIOCDEVPRIVATE which
> seems incorrect to me. Instead, just return EOPNOTSUPP for the case
> where cmd == SIOCDEVPRIVATE to avoid this issue.
>
> As a side note, I suspect that the original intention of the code
> was for this ioctl to work just for cmd == SIOCDEVPRIVATE (and the
> current logic is reversed). However, I don't want to change the current
> semantics in case any userspace code relies on this existing behaviour.
>
> Detected by CoverityScan, CID#139647 ("Uninitialized scalar variable")
>
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>

Yeah this is the safest change for now, applied.

Francois added the register address range checking a year after the
driver was added, so maybe someone used this facility. It should have
been done via ethtool getregs...
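The pattern discussed in this thread, as an added userspace model in C that is not the driver's code and not part of either message: the handler before the change, and with the early EOPNOTSUPP return. The array length, the subcommand names, the return codes 1 and 2, `sample_req` and the `stale` parameter are assumptions made for illustration; `memcpy` stands in for `copy_from_user()`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIOCDEVPRIVATE 0x89F0               /* value from linux/sockios.h */
enum { SUBCMD_READ_REG = 1, SUBCMD_WRITE_REG = 2 };  /* hypothetical subcommands */

/* Constructed request: subcommand in data[0], as in the commit message. */
static const uint32_t sample_req[3] = { SUBCMD_READ_REG, 0x10, 0 };

/* Acts on data[0]; return codes 1 and 2 are made up to show which path ran. */
static int dispatch(const uint32_t *data)
{
    switch (data[0]) {
    case SUBCMD_READ_REG:  return 1;
    case SUBCMD_WRITE_REG: return 2;
    default:               return -EOPNOTSUPP;
    }
}

/* Before: data is filled only when cmd != SIOCDEVPRIVATE. 'stale' stands in
 * for whatever the stack held, so the model itself has no undefined behaviour. */
static int ioctl_before(int cmd, const uint32_t *user, uint32_t stale)
{
    uint32_t data[3] = { stale, stale, stale };
    if (cmd != SIOCDEVPRIVATE)
        memcpy(data, user, sizeof(data));   /* models copy_from_user() */
    return dispatch(data);
}

/* After: reject SIOCDEVPRIVATE up front, so data[0] is never read unset. */
static int ioctl_after(int cmd, const uint32_t *user)
{
    uint32_t data[3];
    if (cmd == SIOCDEVPRIVATE)
        return -EOPNOTSUPP;
    memcpy(data, user, sizeof(data));
    return dispatch(data);
}

int main(void)
{
    printf("before, stale=2:  %d\n", ioctl_before(SIOCDEVPRIVATE, sample_req, 2));
    printf("after:            %d\n", ioctl_after(SIOCDEVPRIVATE, sample_req));
    printf("after, other cmd: %d\n", ioctl_after(SIOCDEVPRIVATE + 1, sample_req));
    return 0;
}
```

In the "before" model the path taken for SIOCDEVPRIVATE depends entirely on the stale value, which is the behaviour the Coverity report flags; commands other than SIOCDEVPRIVATE behave the same in both versions.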