| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Sep 2012 15:36:35 +0100
From: Greg KH <greg@...ah.com>
To: "Sebastian Gottschall (DD-WRT)" <s.gottschall@...wrt.com>
Cc: linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: XHCI Bug discovered in 3.6-RC6 (solution included)
On Tue, Sep 18, 2012 at 02:51:57AM +0200, Sebastian Gottschall (DD-WRT) wrote:
> this following function is missing a important NULL check. if DMI is
> not available or not enabled in the kernel config (which is common
> in my case, since its a ARM Platform with XHCI support)
> the xhci-hcd driver will crash due nullpointer access since
> dmi_get_system_info returns always NULL if DMI support is not
> enabled.
>
> static bool compliance_mode_recovery_timer_quirk_check(void)
> {
> const char *dmi_product_name, *dmi_sys_vendor;
>
> dmi_product_name = dmi_get_system_info(DMI_PRODUCT_NAME);
> dmi_sys_vendor = dmi_get_system_info(DMI_SYS_VENDOR);
>
> if (!(strstr(dmi_sys_vendor, "Hewlett-Packard")))
> return false;
>
> if (strstr(dmi_product_name, "Z420") ||
> strstr(dmi_product_name, "Z620") ||
> strstr(dmi_product_name, "Z820"))
> return true;
>
> return false;
> }
>
> proposed patch: simply add
>
> if (!dmi_sys_vendor || !dmi_product_name)
> return false;
>
> even better. disable the whole quirk handling for this case if
> CONFIG_DMI is not set
Care to send a patch to fix this up?
thanks,
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists