Commit 3efe90af authored by Kai Ye's avatar Kai Ye Committed by Herbert Xu

crypto: hisilicon/qm - increase the memory of local variables

Increase the buffer to prevent stack overflow by fuzz test. The maximum
length of the qos configuration buffer is 256 bytes. Currently, the value
of the 'val buffer' is only 32 bytes. The sscanf does not check the dest
memory length. So the 'val buffer' may stack overflow.
Signed-off-by: default avatarKai Ye <yekai13@huawei.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 7984ceb1
...@@ -250,7 +250,6 @@ ...@@ -250,7 +250,6 @@
#define QM_QOS_MIN_CIR_B 100 #define QM_QOS_MIN_CIR_B 100
#define QM_QOS_MAX_CIR_U 6 #define QM_QOS_MAX_CIR_U 6
#define QM_QOS_MAX_CIR_S 11 #define QM_QOS_MAX_CIR_S 11
#define QM_QOS_VAL_MAX_LEN 32
#define QM_DFX_BASE 0x0100000 #define QM_DFX_BASE 0x0100000
#define QM_DFX_STATE1 0x0104000 #define QM_DFX_STATE1 0x0104000
#define QM_DFX_STATE2 0x01040C8 #define QM_DFX_STATE2 0x01040C8
...@@ -4612,7 +4611,7 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf, ...@@ -4612,7 +4611,7 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf,
unsigned int *fun_index) unsigned int *fun_index)
{ {
char tbuf_bdf[QM_DBG_READ_LEN] = {0}; char tbuf_bdf[QM_DBG_READ_LEN] = {0};
char val_buf[QM_QOS_VAL_MAX_LEN] = {0}; char val_buf[QM_DBG_READ_LEN] = {0};
u32 tmp1, device, function; u32 tmp1, device, function;
int ret, bus; int ret, bus;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment