lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 8 Oct 2006 13:55:36 -0700
From:	Andrew Morton <akpm@...l.org>
To:	"Om Narasimhan" <om.turyx@...il.com>
Cc:	"Yoichi Yuasa" <yoichi_yuasa@...peaks.co.jp>,
	linux-kernel@...r.kernel.org,
	Dominik Brodowski <linux@...inikbrodowski.net>
Subject: Re: fixed PCMCIA au1000_generic.c potential crash.

On Sat, 7 Oct 2006 16:26:40 -0700
"Om Narasimhan" <om.turyx@...il.com> wrote:

> Please find the corrected patch.

The patch is wordwrapped, has spaces replaced by tabs and each version is
subtly different from its predecessor.  This confuses me.

Please confirm that the below is the appropriate and final patch, thanks.



From: "Om Narasimhan" <om.turyx@...il.com>

The previous code did something like,

if (error) goto out_err;
....
do {
             struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
              del_timer_sync(&skt->poll_timer);
               pcmcia_unregister_socket(&skt->socket);
out_err:
               flush_scheduled_work();
               ops->hw_shutdown(skt);
               i--;
} while (i > 0)
.....


- On the error path, skt would not contain a valid value for the first
  iteration (skt is masked by uninitialized automatic skt)

- Does not do hw_shutdown() for 0th element of PCMCIA_SOCKET

Signed-off-by: Om Narasimhan <om.turyx@...il.com>
Cc: Dominik Brodowski <linux@...inikbrodowski.net>
Cc: "Yoichi Yuasa" <yoichi_yuasa@...peaks.co.jp>
Signed-off-by: Andrew Morton <akpm@...l.org>
---

 drivers/pcmcia/au1000_generic.c |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff -puN drivers/pcmcia/au1000_generic.c~pcmcia-au1000_generic-fix drivers/pcmcia/au1000_generic.c
--- a/drivers/pcmcia/au1000_generic.c~pcmcia-au1000_generic-fix
+++ a/drivers/pcmcia/au1000_generic.c
@@ -351,6 +351,7 @@ struct skt_dev_info {
 int au1x00_pcmcia_socket_probe(struct device *dev, struct pcmcia_low_level *ops, int first, int nr)
 {
 	struct skt_dev_info *sinfo;
+	struct au1000_pcmcia_socket *skt;
 	int ret, i;
 
 	sinfo = kzalloc(sizeof(struct skt_dev_info), GFP_KERNEL);
@@ -365,7 +366,7 @@ int au1x00_pcmcia_socket_probe(struct de
 	 * Initialise the per-socket structure.
 	 */
 	for (i = 0; i < nr; i++) {
-		struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+		skt = PCMCIA_SOCKET(i);
 		memset(skt, 0, sizeof(*skt));
 
 		skt->socket.resource_ops = &pccard_static_ops;
@@ -438,17 +439,19 @@ int au1x00_pcmcia_socket_probe(struct de
 	dev_set_drvdata(dev, sinfo);
 	return 0;
 
-	do {
-		struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+
+out_err:
+	flush_scheduled_work();
+	ops->hw_shutdown(skt);
+	while (i-- > 0) {
+		skt = PCMCIA_SOCKET(i);
 
 		del_timer_sync(&skt->poll_timer);
 		pcmcia_unregister_socket(&skt->socket);
-out_err:
 		flush_scheduled_work();
 		ops->hw_shutdown(skt);
 
-		i--;
-	} while (i > 0);
+	}
 	kfree(sinfo);
 out:
 	return ret;
_

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ