lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAODwPW9SaomZjWQvR1mmV7OzvQkq-_XoDgSmK04fO5rVMGHmpw@mail.gmail.com>
Date:   Mon, 9 Jan 2023 16:02:26 +0100
From:   Julius Werner <jwerner@...omium.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Jack Rosenthal <jrosenth@...omium.org>,
        Paul Menzel <pmenzel@...gen.mpg.de>,
        Guenter Roeck <groeck@...omium.org>,
        Julius Werner <jwerner@...omium.org>,
        Brian Norris <briannorris@...omium.org>,
        Stephen Boyd <swboyd@...omium.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] firmware: coreboot: Check size of table entry and
 split memcpy

Reviewed-by: Julius Werner <jwerner@...omium.org>

> -               memcpy(&device->entry, ptr_entry, entry->size);
> +               memcpy(device->raw, entry, entry->size);

nit: It's a bit odd to change the source pointer from ptr_entry to
entry here. Technically the static analyzer would be within its rights
to give you a warning for that as well, because you're now
"overrunning" the source struct instead of the destination one.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ