| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210622152442.EBE91C4323A@smtp.codeaurora.org>
Date: Tue, 22 Jun 2021 15:24:42 +0000 (UTC)
From: Kalle Valo <kvalo@...eaurora.org>
To: Kees Cook <keescook@...omium.org>
Cc: Kees Cook <keescook@...omium.org>,
Larry Finger <Larry.Finger@...inger.net>,
Ping-Ke Shih <pkshih@...ltek.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Kaixu Xia <kaixuxia@...cent.com>, linux-kernel@...r.kernel.org,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH] rtlwifi: rtl8192de: Fully initialize curvecount_val
Kees Cook <keescook@...omium.org> wrote:
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring array fields.
>
> The size argument to memset() is bytes, but the array element size
> of curvecount_val is u32, so "CV_CURVE_CNT * 2" was only 1/4th of the
> contents of curvecount_val. Adjust memset() to wipe full buffer size.
>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> Reviewed-by: Larry Finger <Larry.Finger@...inger.net>
Patch applied to wireless-drivers-next.git, thanks.
0d5e743db480 rtlwifi: rtl8192de: Fully initialize curvecount_val
--
https://patchwork.kernel.org/project/linux-wireless/patch/20210617171317.3410722-1-keescook@chromium.org/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists