lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 1 Feb 2017 13:34:49 +0000
From:   Colin Ian King <colin.king@...onical.com>
To:     Edward Cree <ecree@...arflare.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Solarflare linux maintainers <linux-net-drivers@...arflare.com>
Cc:     Bert Kenward <bkenward@...arflare.com>, netdev@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: Re: [patch net-next] sfc: a couple off by one bugs

On 01/02/17 13:24, Edward Cree wrote:
> On 01/02/17 08:50, Dan Carpenter wrote:
>> These checks are off by one.  These are just sanity checks and we don't
>> ever pass invalid values for "encap_type" so it's harmless.
>>
>> Fixes: 9b4108012517 ("sfc: insert catch-all filters for encapsulated traffic")
>> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> One of these was already fixed by Colin Ian King in
> e9904990e8e70a51574e6ec6b872f3c705ec75f0 ("sfc: fix an off-by-one compare on an
> array size").

Ugh, I missed one of those.

> For the other one:
> Acked-by: Edward Cree <ecree@...arflare.com>
>> diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
>> index 8bec9383d754..dec0c8083ff3 100644
>> --- a/drivers/net/ethernet/sfc/ef10.c
>> +++ b/drivers/net/ethernet/sfc/ef10.c
>> @@ -5080,7 +5080,7 @@ static int efx_ef10_filter_insert_def(struct efx_nic *efx,
>>
>>               /* quick bounds check (BCAST result impossible) */
>>               BUILD_BUG_ON(EFX_EF10_BCAST != 0);
>> -             if (encap_type > ARRAY_SIZE(map) || map[encap_type] == 0) {
>> +             if (encap_type >= ARRAY_SIZE(map) || map[encap_type] == 0) {
>>                       WARN_ON(1);
>>                       return -EINVAL;
>>               }
>> @@ -5134,7 +5134,7 @@ static int efx_ef10_filter_insert_def(struct efx_nic *efx,
>>
>>               /* quick bounds check (BCAST result impossible) */
>>               BUILD_BUG_ON(EFX_EF10_BCAST != 0);
>> -             if (encap_type > ARRAY_SIZE(map) || map[encap_type] == 0) {
>> +             if (encap_type >= ARRAY_SIZE(map) || map[encap_type] == 0) {
>>                       WARN_ON(1);
>>                       return -EINVAL;
>>               }
> 
> 
> The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ