lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46C0584E.5060906@emulex.com>
Date:	Mon, 13 Aug 2007 09:10:38 -0400
From:	James Smart <James.Smart@...lex.Com>
To:	Jesper Juhl <jesper.juhl@...il.com>
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-scsi@...r.kernel.org,
	James Bottomley <James.Bottomley@...eleye.com>
Subject: Re: [PATCH 4/6][RESEND] Emulex FC HBA driver: fix overflow of statically
 allocated array

Ok.... here's what happened,

- We changed the define so that it matched what we are using. We never configure
   more than 4 HBQ, thus the index will never be beyond 0-3. The if-check is actually
   innoculous. Given that the change wasn't your patch, we didn't include you as
   the author.

- Coding-wise, you are right, we still didn't fix the range check.

Since this really is just something to keep the tools happy - I'll recind the NACK.
I'll worry about simply removing this if-check later...

James/Andrew, accept this patch - ACK.

-- james s

Jesper Juhl wrote:
> On 13/08/07, James Smart <James.Smart@...lex.com> wrote:
>> NACK
>>
>> The fix is contained in our 8.2.2 sources recently posted and pushed by James
>> as part of his last scsi fixes.
>>
> 
> I actually did look for it, but couldn't find any lpfc commits with me
> listed as author, so I assumed it had not been merged.
> I just looked again, at the source this time, up-to-date mainline git
> tree, and I still see
> 
>         hbqno = tag >> 16;
>         if (hbqno > LPFC_MAX_HBQS)
>                 return NULL;
> 
> in drivers/scsi/lpfc/lpfc_sli.c
> 
> ???
> 
> 
>> -- james s
>>
>> Jesper Juhl wrote:
>>> (previously send on 09-Aug-2007 20:47)
>>>
>>> Hi,
>>>
>>> The Coverity checker noticed that we may overrun a statically allocated
>>> array in drivers/scsi/lpfc/lpfc_sli.c::lpfc_sli_hbqbuf_find().
> ...
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ