lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Thu, 20 Aug 2009 13:53:51 +0200
From:	Geert Uytterhoeven <geert@...ux-m68k.org>
To:	Roel Kluin <roel.kluin@...il.com>
Cc:	netdev@...r.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-m68k@...ts.linux-m68k.org
Subject: Re: zorro8390: Fix read buffer overflow in zorro8390_init_one()

On Tue, Aug 18, 2009 at 23:59, Linux Kernel Mailing
List<linux-kernel@...r.kernel.org> wrote:
> Gitweb:     http://git.kernel.org/linus/be12159b24c532b4b48bdec5a543336438faa132
> Commit:     be12159b24c532b4b48bdec5a543336438faa132
> Parent:     5e33b719c8fcccfedc1d25167826a0f93fe6c5a1
> Author:     roel kluin <roel.kluin@...il.com>
> AuthorDate: Sun Aug 9 04:00:25 2009 +0000
> Committer:  David S. Miller <davem@...emloft.net>
> CommitDate: Sun Aug 9 21:46:53 2009 -0700
>
>    zorro8390: Fix read buffer overflow in zorro8390_init_one()
>
>    Prevent read from cards[-1] when no card was found.
>
>    Signed-off-by: Roel Kluin <roel.kluin@...il.com>
>    Signed-off-by: David S. Miller <davem@...emloft.net>
> ---
>  drivers/net/zorro8390.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/net/zorro8390.c b/drivers/net/zorro8390.c
> index 37c84e3..81c753a 100644
> --- a/drivers/net/zorro8390.c
> +++ b/drivers/net/zorro8390.c
> @@ -120,6 +120,9 @@ static int __devinit zorro8390_init_one(struct zorro_dev *z,
>     for (i = ARRAY_SIZE(cards)-1; i >= 0; i--)
>        if (z->id == cards[i].id)
>            break;
> +    if (i < 0)
> +        return -ENODEV;
> +
>     board = z->resource.start;
>     ioaddr = board+cards[i].offset;
>     dev = alloc_ei_netdev();

That case can never happen, as zorro8390_init_one() won't be called
without a matching ID.

But probably the information in struct card_info should be stored in
zorro8390_zorro_tbl[].driver_data,
so we can remove cards[] and the look up.

Gr{oetje,eeting}s,

						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
							    -- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ