lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 21 Nov 2008 14:16:21 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Takashi Iwai <tiwai@...e.de>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Fix array overflow in parport_serial.c

On Thu, 20 Nov 2008 17:35:20 +0100
Takashi Iwai <tiwai@...e.de> wrote:

> Subject: [PATCH] Fix array overflow in parport_serial.c

Please prefer titles in the form

	subsystem identifer: what was done to it

I renamed this one to

	parport_serial: fix array overflow

> Date: Thu, 20 Nov 2008 17:35:20 +0100
> User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka)
>  FLIM/1.14.7 (Sanj__) APEL/10.6 Emacs/22.3
>  (x86_64-suse-linux-gnu) MULE/5.0 (SAKAKI)
> 
> The netmos_9xx5_combo type assumes that PCI SSID provides always the
> correct value for the number of parallel and serial ports, but there
> are indeed broken devices with wrong numbers, which may result in
> Oops.
> 
> This patch simply adds the check of the array range.
> 
> Reference: Novell bnc#447067
> 	https://bugzilla.novell.com/show_bug.cgi?id=447067
> 
> Signed-off-by: Takashi Iwai <tiwai@...e.de>
> 
> ---
> diff --git a/drivers/parport/parport_serial.c b/drivers/parport/parport_serial.c
> index e2e95b3..101ed49 100644
> --- a/drivers/parport/parport_serial.c
> +++ b/drivers/parport/parport_serial.c
> @@ -70,6 +70,8 @@ static int __devinit netmos_parallel_init(struct pci_dev *dev, struct parport_pc
>  	 * parallel ports and <S> is the number of serial ports.
>  	 */
>  	card->numports = (dev->subsystem_device & 0xf0) >> 4;
> +	if (card->numports > ARRAY_SIZE(card->addr))

hm.  ARRAY_SIZE returns an unsigned type so we don't have to worry
about negative values when doing comparisons like this.  Not that
card->numports could be negative anyway, but it's always nice to set
readers' minds at rest..

> +		card->numports = ARRAY_SIZE(card->addr);
>  	return 0;
>  }


Should we emit some kind of warning when this is detected?  I guess
not, if we're sure that there will never be a situation in which users
find that some of their ports don't work?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ