aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilipp Stanner2023-11-06 10:16:00 +0100
committerDavid S. Miller2023-11-08 09:40:19 +0000
commitcaf3100810f4150677f4e1057aa0a29f8a2c3743 (patch)
tree996bc5c773a30a9504b051a8a76abc41b09691e7
parentf968c56417f00be4cb62eadeed042a1e3c80dc53 (diff)
drivers/net/ppp: use standard array-copy-function
In ppp_generic.c, memdup_user() is utilized to copy a userspace array. This is done without an overflow-check, which is, however, not critical because the multiplicands are an unsigned short and struct sock_filter, which is currently of size 8. Regardless, string.h now provides memdup_array_user(), a wrapper for copying userspace arrays in a standardized manner, which has the advantage of making it more obvious to the reader that an array is being copied. The wrapper additionally performs an obligatory overflow check, saving the reader the effort of analyzing the potential for overflow, and making the code a bit more robust in case of future changes to the multiplicands len * size. Replace memdup_user() with memdup_array_user(). Suggested-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Philipp Stanner <pstanner@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/net/ppp/ppp_generic.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index a9beacd552cf..0193af2d31c9 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -570,8 +570,8 @@ static struct bpf_prog *get_filter(struct sock_fprog *uprog)
/* uprog->len is unsigned short, so no overflow here */
fprog.len = uprog->len;
- fprog.filter = memdup_user(uprog->filter,
- uprog->len * sizeof(struct sock_filter));
+ fprog.filter = memdup_array_user(uprog->filter,
+ uprog->len, sizeof(struct sock_filter));
if (IS_ERR(fprog.filter))
return ERR_CAST(fprog.filter);