Skip to content

drivers: mdio: shell: Fix various buffer overflows #93257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

drivers: mdio: shell: Fix various buffer overflows #93257

wants to merge 1 commit into from
+32 −7

Conversation

clamattia
Copy link
Contributor

Need to check argument count to avoid buffer overflows and crashes.

@clamattia clamattia requested a review from maass-hamburg July 17, 2025 08:23
@zephyrbot zephyrbot requested a review from decsny July 17, 2025 08:23
@clamattia clamattia mentioned this pull request Jul 17, 2025
Merged
@clamattia
Copy link
Contributor Author

Related: #93254

@clamattia clamattia force-pushed the hotfix/mdio_shell_buffer_overflow branch from 839b05b to 9f97e96 Compare July 17, 2025 08:27
@clamattia
drivers: mdio: shell: Fix various buffer overflows
1b4dd13 
Need to check argument count to avoid buffer overflows and crashes.

Signed-off-by: Cla Mattia Galliard <[email protected]>
@clamattia clamattia force-pushed the hotfix/mdio_shell_buffer_overflow branch from 9f97e96 to 1b4dd13 Compare July 17, 2025 08:42
@sonarqubecloud SonarQubeCloud
Copy link

Please retry analysis of this Pull-Request directly on SonarQube Cloud

tpambor
tpambor reviewed Jul 17, 2025
View reviewed changes
drivers/mdio/mdio_shell.c
if (ret < 0) {
return ret;
}

if (argc < 5) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this and the below new checks are not needed as the commands take no optional arguments and therefore this is already checked by the shell.

zephyr/include/zephyr/shell/shell.h

Lines 531 to 532 in 72dc0e5

* @note If a command will be called with wrong number of arguments shell will
* print an error message and command handler will not be called.

tpambor
tpambor reviewed Jul 17, 2025
View reviewed changes
Copy link
Contributor

@tpambor tpambor left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the number of mandatory arguments for the scan command should be fixed, currently 1 but should be 2, scan and device.

	SHELL_CMD_ARG(scan, &dsub_device_name,
		"Scan MDIO bus for devices: scan <device> [<reg_addr>]",
		cmd_mdio_scan, 1, 1),

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpambor tpambor tpambor left review comments

@etienne-lms etienne-lms etienne-lms approved these changes

@maass-hamburg maass-hamburg Awaiting requested review from maass-hamburg

@decsny decsny Awaiting requested review from decsny

@djiatsaf-st djiatsaf-st Awaiting requested review from djiatsaf-st

@erwango erwango Awaiting requested review from erwango

@FRASTM FRASTM Awaiting requested review from FRASTM

@gautierg-st gautierg-st Awaiting requested review from gautierg-st

@GeorgeCGV GeorgeCGV Awaiting requested review from GeorgeCGV

@jukkar jukkar Awaiting requested review from jukkar

@lmajewski lmajewski Awaiting requested review from lmajewski

@marwaiehm-st marwaiehm-st Awaiting requested review from marwaiehm-st

@mathieuchopstm mathieuchopstm Awaiting requested review from mathieuchopstm

@pdgendt pdgendt Awaiting requested review from pdgendt

@rlubos rlubos Awaiting requested review from rlubos

@ssharks ssharks Awaiting requested review from ssharks

At least 2 approving reviews are required to merge this pull request.

Assignees

@maass-hamburg maass-hamburg

Labels
area: Ethernet area: MDIO area: Networking platform: STM32 ST Micro STM32
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@clamattia @tpambor @etienne-lms @zephyrbot @maass-hamburg