lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6b4e42d10610071626v22ca2dafpd88d689429313a98@mail.gmail.com>
Date:	Sat, 7 Oct 2006 16:26:40 -0700
From:	"Om Narasimhan" <om.turyx@...il.com>
To:	"Yoichi Yuasa" <yoichi_yuasa@...peaks.co.jp>
Cc:	akpm@...l.org, linux-kernel@...r.kernel.org
Subject: fixed PCMCIA au1000_generic.c potential crash.

Hi,
Please find the corrected patch.
This patch fixes the following issues in drivers/pcmcia/au1000_generic.c.

1. On the error path, skt would not contain a valid value for the
first iteration (skt is masked by uninitialized automatic variable
skt) which would cause a crash.
2. does not do hw_shutdown() for 0th element of PCMCIA_SOCKET.


Applies cleanly to 2.6.18-rc6, rc7, 2.6.18, and 2.6.19-rc1
Regards,
Om.


 drivers/pcmcia/au1000_generic.c |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/drivers/pcmcia/au1000_generic.c b/drivers/pcmcia/au1000_generic.c
index d5dd0ce..5387de6 100644
--- a/drivers/pcmcia/au1000_generic.c
+++ b/drivers/pcmcia/au1000_generic.c
@@ -351,6 +351,7 @@ struct skt_dev_info {
 int au1x00_pcmcia_socket_probe(struct device *dev, struct
pcmcia_low_level *ops, int first, int nr)
 {
        struct skt_dev_info *sinfo;
+       struct au1000_pcmcia_socket *skt;
        int ret, i;

        sinfo = kzalloc(sizeof(struct skt_dev_info), GFP_KERNEL);
@@ -365,7 +366,7 @@ int au1x00_pcmcia_socket_probe(struct de
         * Initialise the per-socket structure.
         */
        for (i = 0; i < nr; i++) {
-               struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+               skt = PCMCIA_SOCKET(i);
                memset(skt, 0, sizeof(*skt));

                skt->socket.resource_ops = &pccard_static_ops;
@@ -438,17 +439,19 @@ #endif
        dev_set_drvdata(dev, sinfo);
        return 0;

-       do {
-               struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+
+out_err:
+       flush_scheduled_work();
+       ops->hw_shutdown(skt);
+       while (i-- > 0) {
+               skt = PCMCIA_SOCKET(i);

                del_timer_sync(&skt->poll_timer);
                pcmcia_unregister_socket(&skt->socket);
-out_err:
                flush_scheduled_work();
                ops->hw_shutdown(skt);

-               i--;
-       } while (i > 0);
+       }
        kfree(sinfo);
 out:
        return ret;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ