lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 30 Jan 2009 20:21:09 -0800
From:	Arve Hjønnevåg <arve@...roid.com>
To:	greg@...ah.com
Cc:	linux-kernel@...r.kernel.org, wferi@...f.hu,
	akpm@...ux-foundation.org,
	Arve Hjønnevåg <arve@...roid.com>
Subject: [PATCH] ram_console: Disable ECC when early init is enabled and validate buffer size

Signed-off-by: Arve Hjønnevåg <arve@...roid.com>
---
 drivers/staging/android/Kconfig       |    1 +
 drivers/staging/android/ram_console.c |   14 ++++++++++++++
 2 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/drivers/staging/android/Kconfig b/drivers/staging/android/Kconfig
index 6b996db..604bd1e 100644
--- a/drivers/staging/android/Kconfig
+++ b/drivers/staging/android/Kconfig
@@ -27,6 +27,7 @@ menuconfig ANDROID_RAM_CONSOLE_ERROR_CORRECTION
 	bool "Android RAM Console Enable error correction"
 	default n
 	depends on ANDROID_RAM_CONSOLE
+	depends on !ANDROID_RAM_CONSOLE_EARLY_INIT
 	select REED_SOLOMON
 	select REED_SOLOMON_ENC8
 	select REED_SOLOMON_DEC8
diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c
index bf00685..643ac5c 100644
--- a/drivers/staging/android/ram_console.c
+++ b/drivers/staging/android/ram_console.c
@@ -224,9 +224,23 @@ static int __init ram_console_init(struct ram_console_buffer *buffer,
 	ram_console_buffer_size =
 		buffer_size - sizeof(struct ram_console_buffer);
 
+	if (ram_console_buffer_size > buffer_size) {
+		pr_err("ram_console: buffer %p, invalid size %d, datasize %d\n",
+		       buffer, buffer_size, ram_console_buffer_size);
+		return 0;
+	}
+
 #ifdef CONFIG_ANDROID_RAM_CONSOLE_ERROR_CORRECTION
 	ram_console_buffer_size -= (DIV_ROUND_UP(ram_console_buffer_size,
 						ECC_BLOCK_SIZE) + 1) * ECC_SIZE;
+
+	if (ram_console_buffer_size > buffer_size) {
+		pr_err("ram_console: buffer %p, invalid size %d, "
+		       "non-ecc datasize %d\n",
+		       buffer, buffer_size, ram_console_buffer_size);
+		return 0;
+	}
+
 	ram_console_par_buffer = buffer->data + ram_console_buffer_size;
 
 
-- 
1.6.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ