| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080328122556.GO3613@spacedout.fries.net>
Date: Fri, 28 Mar 2008 07:25:56 -0500
From: David Fries <david@...es.net>
To: linux-kernel@...r.kernel.org
Cc: Evgeniy Polyakov <johnpol@....mipt.ru>
Subject: [PATCH 14/35] W1: w1_slave_read_id multiple short read bug
This is more to point out the bug in w1_slave_read_id, the next patch
rewrites the routine.
w1.c 1.15
Reading at an offset other than zero, ie reading less than 8 bytes at
a time would result in reading the first bytes over and over until 8
bytes were returned. Added the offset to the buffer.
Signed-off-by: David Fries <david@...es.net>
---
drivers/w1/w1.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index b18eedb..dbd9930 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -110,13 +110,13 @@ static ssize_t w1_slave_read_id(struct kobject *kobj,
{
struct w1_slave *sl = kobj_to_w1_slave(kobj);
- if (off > 8) {
+ if (off >= 8) {
count = 0;
} else {
if (off + count > 8)
count = 8 - off;
- memcpy(buf, (u8 *)&sl->reg_num, count);
+ memcpy(buf, (u8 *)&sl->reg_num+off, count);
}
return count;
--
1.4.4.4
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists