can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed...

author Marc Kleine-Budde <mkl@pengutronix.de>

Fri, 29 Sep 2023 08:23:47 +0000 (10:23 +0200)

committer Marc Kleine-Budde <mkl@pengutronix.de>

Thu, 5 Oct 2023 19:34:13 +0000 (21:34 +0200)
author Marc Kleine-Budde <mkl@pengutronix.de>
Fri, 29 Sep 2023 08:23:47 +0000 (10:23 +0200)
committer Marc Kleine-Budde <mkl@pengutronix.de>
Thu, 5 Oct 2023 19:34:13 +0000 (21:34 +0200)
diff --git a/drivers/net/can/dev/skb.c b/drivers/net/can/dev/skb.c

index f6d05b3ef59abf85a0bd7f40f9333983b44e4a90..3ebd4f779b9bdf9d0ce1d1b22b3ccdea2c8e841b 100644 (file)
--- a/drivers/net/can/dev/skb.c
+++ b/drivers/net/can/dev/skb.c
@@ -49,7 +49,11 @@ int can_put_echo_skb(struct sk_buff *skb, struct net_device *dev,
  {
         struct can_priv *priv = netdev_priv(dev);
  
-       BUG_ON(idx >= priv->echo_skb_max);
+       if (idx >= priv->echo_skb_max) {
+               netdev_err(dev, "%s: BUG! Trying to access can_priv::echo_skb out of bounds (%u/max %u)\n",
+                          __func__, idx, priv->echo_skb_max);
+               return -EINVAL;
+       }
  
         /* check flag whether this packet has to be looped back */
         if (!(dev->flags & IFF_ECHO) ||
author	Marc Kleine-Budde <mkl@pengutronix.de>
	Fri, 29 Sep 2023 08:23:47 +0000 (10:23 +0200)
committer	Marc Kleine-Budde <mkl@pengutronix.de>
	Thu, 5 Oct 2023 19:34:13 +0000 (21:34 +0200)