[PATCH] net: bmac: Fix read of MAC address from ROM

Jeremy Kerr Mon, 18 May 2020 18:08:10 -0700

In bmac_get_station_address, We're reading two bytes at a time from ROM,
but we do that six times, resulting in 12 bytes of read & writes. This
means we will write off the end of the six-byte destination buffer.


This change fixes the for-loop to only read/write six bytes.

Based on a proposed fix from Finn Thain <fth...@telegraphics.com.au>.

Signed-off-by: Jeremy Kerr <j...@ozlabs.org>
Reported-by: Stan Johnson <user...@yahoo.com>
Tested-by: Stan Johnson <user...@yahoo.com>
Reported-by: Finn Thain <fth...@telegraphics.com.au>
---
 drivers/net/ethernet/apple/bmac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/apple/bmac.c 
b/drivers/net/ethernet/apple/bmac.c
index a58185b1d8bf..3e3711b60d01 100644
--- a/drivers/net/ethernet/apple/bmac.c
+++ b/drivers/net/ethernet/apple/bmac.c
@@ -1182,7 +1182,7 @@ bmac_get_station_address(struct net_device *dev, unsigned 
char *ea)
        int i;
        unsigned short data;
 
-       for (i = 0; i < 6; i++)
+       for (i = 0; i < 3; i++)
                {
                        reset_and_select_srom(dev);
                        data = read_srom(dev, i + EnetAddressOffset/2, 
SROMAddressBits);
-- 
2.17.1

[PATCH] net: bmac: Fix read of MAC address from ROM

Reply via email to