lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Jun 2021 15:24:42 +0000 (UTC) From: Kalle Valo <kvalo@...eaurora.org> To: Kees Cook <keescook@...omium.org> Cc: Kees Cook <keescook@...omium.org>, Larry Finger <Larry.Finger@...inger.net>, Ping-Ke Shih <pkshih@...ltek.com>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Kaixu Xia <kaixuxia@...cent.com>, linux-kernel@...r.kernel.org, linux-wireless@...r.kernel.org, netdev@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] rtlwifi: rtl8192de: Fully initialize curvecount_val Kees Cook <keescook@...omium.org> wrote: > In preparation for FORTIFY_SOURCE performing compile-time and run-time > field bounds checking for memcpy(), memmove(), and memset(), avoid > intentionally writing across neighboring array fields. > > The size argument to memset() is bytes, but the array element size > of curvecount_val is u32, so "CV_CURVE_CNT * 2" was only 1/4th of the > contents of curvecount_val. Adjust memset() to wipe full buffer size. > > Signed-off-by: Kees Cook <keescook@...omium.org> > Reviewed-by: Larry Finger <Larry.Finger@...inger.net> Patch applied to wireless-drivers-next.git, thanks. 0d5e743db480 rtlwifi: rtl8192de: Fully initialize curvecount_val -- https://patchwork.kernel.org/project/linux-wireless/patch/20210617171317.3410722-1-keescook@chromium.org/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists