| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Aug 2016 21:10:20 -0400 From: "Martin K. Petersen" <martin.petersen@...cle.com> To: Calvin Owens <calvinowens@...com> Cc: Sathya Prakash <sathya.prakash@...adcom.com>, Chaitra P B <chaitra.basappa@...adcom.com>, Suganath Prabu Subramani <suganath-prabu.subramani@...adcom.com>, "James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, <MPT-FusionLinux.pdl@...adcom.com>, <linux-scsi@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <kernel-team@...com> Subject: Re: [PATCH] mpt3sas: Ensure the connector_name string is NUL-terminated >>>>> "Calvin" == Calvin Owens <calvinowens@...com> writes: Calvin> We blindly trust the hardware to give us NUL-terminated strings, Calvin> which is a bad idea because it doesn't always do that. For Calvin> example: Calvin> [ 481.184784] mpt3sas_cm0: enclosure level(0x0000), connector Calvin> name( \x3) Calvin> In this case, connector_name is four spaces. We got lucky here Calvin> because the 2nd byte beyond our character array happens to be a Calvin> NUL. Fix this by explicitly writing '\0' to the end of the Calvin> string to ensure we don't run off the edge of the world in Calvin> printk(). Applied to 4.9/scsi-queue. -- Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists