| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jul 2017 21:56:08 -0400
From: Jacob von Chorus <jacobvonchorus@...hoto.ca>
To: Joe Perches <joe@...ches.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Insop Song <insop.song@...nspeed.com>,
devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
dan.carpenter@...cle.com
Subject: Re: [PATCH v2 2/2] staging: gs_fpgaboot: change char to u8
On Mon, Jul 17, 2017 at 06:22:08PM -0700, Joe Perches wrote:
> read_bitstream takes an int rdsize, not a u16.
> and this function will overflow tbuf if len > 64
>
> static void readinfo_bitstream(char *bitdata, char *buf, int *offset)
> {
> char tbuf[64];
> s32 len;
>
> /* read section char */
> read_bitstream(bitdata, tbuf, offset, 1);
>
> /* read length */
> read_bitstream(bitdata, tbuf, offset, 2);
>
> len = tbuf[0] << 8 | tbuf[1];
>
> read_bitstream(bitdata, buf, offset, len);
> buf[len] = '\0';
> }
>
> len is up to 64k but tbuf is 64 bytes.
tbuf is used here to read a total of 3 bytes over two calls to
read_bitstream. The larger read of size, len, is stored to buf which is
MAX_STR bytes in length.
> len = get_unaligned_le16(tbuf)
>
> might be nicer than
>
> len = tbuf[0] << 8 | tbuf[1];
Agreed, though it should be "get_unaligned_be16".
Thanks.
Regards,
Jacob von Chorus
Powered by blists - more mailing lists