lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 18 Sep 2012 02:51:57 +0200
From:	"Sebastian Gottschall (DD-WRT)" <s.gottschall@...wrt.com>
To:	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: XHCI Bug discovered in 3.6-RC6 (solution included)

this following function is missing a important NULL check. if DMI is not 
available or not enabled in the kernel config (which is common in my 
case, since its a ARM Platform with XHCI support)
the xhci-hcd driver will crash due nullpointer access since 
dmi_get_system_info returns always NULL if DMI support is not enabled.

static bool compliance_mode_recovery_timer_quirk_check(void)
{
     const char *dmi_product_name, *dmi_sys_vendor;

     dmi_product_name = dmi_get_system_info(DMI_PRODUCT_NAME);
     dmi_sys_vendor = dmi_get_system_info(DMI_SYS_VENDOR);

     if (!(strstr(dmi_sys_vendor, "Hewlett-Packard")))
         return false;

     if (strstr(dmi_product_name, "Z420") ||
             strstr(dmi_product_name, "Z620") ||
             strstr(dmi_product_name, "Z820"))
         return true;

     return false;
}

proposed patch: simply add

  if (!dmi_sys_vendor || !dmi_product_name)
         return false;

even better. disable the whole quirk handling for this case if 
CONFIG_DMI is not set



-- 
Mit freundlichen Grüssen / Regards

Sebastian Gottschall / CTO

NewMedia-NET GmbH - DD-WRT
Firmensitz:  Berliner Ring 101, 64625 Bensheim
Registergericht: Amtsgericht Darmstadt, HRB 25473
Geschäftsführer: Peter Steinhäuser, Christian Scheele
http://www.dd-wrt.com
email: s.gottschall@...wrt.com
Tel.: +496251-582650 / Fax: +496251-5826565

-- 
Mit freundlichen Grüssen / Regards

Sebastian Gottschall / CTO

NewMedia-NET GmbH - DD-WRT
Firmensitz:  Berliner Ring 101, 64625 Bensheim
Registergericht: Amtsgericht Darmstadt, HRB 25473
Geschäftsführer: Peter Steinhäuser, Christian Scheele
http://www.dd-wrt.com
email:s.gottschall@...wrt.com
Tel.: +496251-582650 / Fax: +496251-5826565

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists