| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Oct 2011 15:20:42 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Alexander Stein <alexander.stein@...tec-electronic.com>
Cc: Jaroslav Kysela <perex@...ex.cz>, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] hda_hwdep: Fix possible buffer overflow
At Wed, 26 Oct 2011 15:15:24 +0200,
Alexander Stein wrote:
>
> Hello,
>
> On Wednesday 26 October 2011 14:58:43 Takashi Iwai wrote:
> > At Wed, 26 Oct 2011 09:48:12 +0200,
> >
> > Alexander Stein wrote:
> > > If a line in the firmware file is larger than the given buffer size (and
> > > so the firmware file size), size is set to a value larger than the actual
> > > buffer size. This results in an overflow in the buffer passed.
> > > Fix this by copying only up to 127 chars per line.
> >
> > Actually this check should have been
> >
> > if (size > fw->size)
> > size = fw->size;
> >
> > Otherwise it doesn't make sense.
> > If the change is OK, could you resend the patch with it?
>
> IMO this check isn't even needed. This case should be catched by this check
>
> for (len = 0; len < fw->size; len++) {
>
> already.
> Opinions?
Right, it's superfluous. Let's get rid of it.
Takashi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists