| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jul 2013 00:44:05 +0000 From: "Zheng, Lv" <lv.zheng@...el.com> To: Greg KH <gregkh@...uxfoundation.org> CC: "Wysocki, Rafael J" <rafael.j.wysocki@...el.com>, "Brown, Len" <len.brown@...el.com>, Corey Minyard <minyard@....org>, "Zhao, Yakui" <yakui.zhao@...el.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "stable@...r.kernel.org" <stable@...r.kernel.org>, "linux-acpi@...r.kernel.org" <linux-acpi@...r.kernel.org>, "openipmi-developer@...ts.sourceforge.net" <openipmi-developer@...ts.sourceforge.net> Subject: RE: [PATCH 01/13] ACPI/IPMI: Fix potential response buffer overflow > From: Zheng, Lv > Sent: Wednesday, July 24, 2013 8:22 AM > > > From: linux-acpi-owner@...r.kernel.org > > [mailto:linux-acpi-owner@...r.kernel.org] On Behalf Of Greg KH > > Sent: Tuesday, July 23, 2013 10:54 PM > > > > On Tue, Jul 23, 2013 at 04:08:59PM +0800, Lv Zheng wrote: > > > This patch enhances sanity checks on message size to avoid potential > > > buffer overflow. > > > > > > The kernel IPMI message size is IPMI_MAX_MSG_LENGTH(272 bytes) while > > > the ACPI specification defined IPMI message size is 64 bytes. The > > > difference is not handled by the original codes. This may cause > > > crash in the response handling codes. > > > This patch fixes this gap and also combines rx_data/tx_data to use > > > single data/len pair since they need not be seperated. > > > > > > Signed-off-by: Lv Zheng <lv.zheng@...el.com> > > > Reviewed-by: Huang Ying <ying.huang@...el.com> > > > --- > > > drivers/acpi/acpi_ipmi.c | 100 > > > ++++++++++++++++++++++++++++------------------ > > > 1 file changed, 61 insertions(+), 39 deletions(-) > > > > <formletter> > > > > This is not the correct way to submit patches for inclusion in the > > stable kernel tree. Please read Documentation/stable_kernel_rules.txt > > for how to do this properly. > > > > </formletter> > > > > Same goes for the other patches you sent in this thread... > > OK, I'll add prerequisites for each that want to be accepted by the stable queue > and re-send them (PATCH 01-06). Maybe I shouldn't. I looks it is not possible to add commit ID prerequisites for patch series that has not been accepted by the mainline. As the patches haven't been merged by the mainline, it is likely that the commit IDs in this series will be changed. Please ignore [PATCH 01-06] that have been sent to the stable mailing list. I'll just let ACPI maintainers know which patches I think that can go for stable tree and let they make the decision after the mainline acceptance. Thanks and best regards -Lv > > Thanks and best regards > -Lv > > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-acpi" > > in the body of a message to majordomo@...r.kernel.org More majordomo > > info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists