hdlcdrv: Fix divide by zero in hdlcdrv_ioctl

syszkaller fuzzer triggered a divide by zero, when set calibration through ioctl(). To fix it, test 'bitrate' if it is negative or 0, just return -EINVAL. Reported-by: N Andrey Konovalov <andreyknvl@google.com> Signed-off-by: N Firo Yang <firogm@gmail.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
syszkaller fuzzer triggered a divide by zero, when set calibration through ioctl(). To fix it, test 'bitrate' if it is negative or 0, just return -EINVAL. Reported-by: N Andrey Konovalov <andreyknvl@google.com> Signed-off-by: N Firo Yang <firogm@gmail.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
fb3ce90b · Firo Yang · David S. Miller · 6c713a3a · fb3ce90b
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

drivers/net/hamradio/hdlcdrv.c drivers/net/hamradio/hdlcdrv.c +2 -0

未找到文件。
--- a/drivers/net/hamradio/hdlcdrv.c
+++ b/drivers/net/hamradio/hdlcdrv.c
@@ -576,6 +576,8 @@ static int hdlcdrv_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 	case HDLCDRVCTL_CALIBRATE:
 		if(!capable(CAP_SYS_RAWIO))
 			return -EPERM;
+		if (s->par.bitrate <= 0)
+			return -EINVAL;
 		if (bi.data.calibrate > INT_MAX / s->par.bitrate)
 			return -EINVAL;
 		s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16;