| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Jul 2014 17:01:08 -0700 (PDT) From: David Miller <davem@...emloft.net> To: stephen@...workplumber.org Cc: netdev@...r.kernel.org Subject: Re: [Bug 79811] New: ethernet/dec/tulip/tulip_core.c:592: array index check in wrong place ? From: Stephen Hemminger <stephen@...workplumber.org> Date: Thu, 10 Jul 2014 05:50:22 -0700 > Subject: [Bug 79811] New: ethernet/dec/tulip/tulip_core.c:592: array index check in wrong place ? ... > ethernet/dec/tulip/tulip_core.c:592]: (style) Array index 'j' is used before > limits check. > > for (j = 0; buf[j] != 0xee && j < 1600; j++) > > Suggest put limit check before index use. This code has never actually ever been compiled for at least a decade or two, it's ifdef protected against "way_too_many_messages" which nothing will ever define. This is what really eats me about automated tools sometimes, and in this case I have two gripes: 1) The tool doesn't take into consideration that the code might never be compiled. 2) The code actually is buggy is far more important ways, it takes a DMA mapping cookie and dereferences it as a CPU pointer: u8 *buf = (u8 *)(tp->rx_ring[i].buffer1); which is guaranteed to not work. So in actuality this entire code block should be rewritten or removed. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists