| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 May 2018 21:19:51 -0700
From: frowand.list@...il.com
To: Rob Herring <robh+dt@...nel.org>, pantelis.antoniou@...sulko.com,
Pantelis Antoniou <panto@...oniou-consulting.com>
Cc: Dan Carpenter <dan.carpenter@...cle.com>,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] of: overlay: validate offset from property fixups
From: Frank Rowand <frank.rowand@...y.com>
The smatch static checker marks the data in offset as untrusted,
leading it to warn:
drivers/of/resolver.c:125 update_usages_of_a_phandle_reference()
error: buffer underflow 'prop->value' 's32min-s32max'
Add check to verify that offset is within the property data.
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Frank Rowand <frank.rowand@...y.com>
---
drivers/of/resolver.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/of/resolver.c b/drivers/of/resolver.c
index 65d0b7adfcd4..7edfac6f1914 100644
--- a/drivers/of/resolver.c
+++ b/drivers/of/resolver.c
@@ -122,6 +122,11 @@ static int update_usages_of_a_phandle_reference(struct device_node *overlay,
goto err_fail;
}
+ if (offset < 0 || offset + sizeof(__be32) > prop->length) {
+ err = -EINVAL;
+ goto err_fail;
+ }
+
*(__be32 *)(prop->value + offset) = cpu_to_be32(phandle);
}
--
Frank Rowand <frank.rowand@...y.com>
Powered by blists - more mailing lists