| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Aug 2008 20:47:55 +0200 (CEST)
From: Stefan Richter <stefanr@...6.in-berlin.de>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>
cc: linux-kernel@...r.kernel.org, linux1394-devel@...ts.sourceforge.net
Subject: [git pull] FireWire regression fix
Linus, please pull from the for-linus branch at
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6.git for-linus
to receive a FireWire subsystem fix-for-a-fix.
David Moore (1):
firewire: Preserve response data alignment bug when it is harmless
drivers/firewire/fw-cdev.c | 29 ++++++++++++++++++++---------
1 files changed, 20 insertions(+), 9 deletions(-)
commit 8401d92ba46a1e859464cbd9c9ee304f6e361da3
Author: David Moore <dcm@....org>
Date: Tue Jul 29 23:46:25 2008 -0700
firewire: Preserve response data alignment bug when it is harmless
Recently, a bug having to do with the alignment of transaction response
data was fixed. However, some apps such as libdc1394 relied on the
presence of that bug in order to function correctly. In order to stay
compatible with old versions of those apps, this patch preserves the bug
in cases where it is harmless to normal operation (such as the single
quadlet read) due to a simple duplication of data. This guarantees
maximum compatability for those users who are using the old app with the
fixed kernel.
Signed-off-by: David Moore <dcm@....org>
Signed-off-by: Stefan Richter <stefanr@...6.in-berlin.de>
diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c
index bc81d6f..2e6d584 100644
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -369,22 +369,33 @@ complete_transaction(struct fw_card *card, int rcode,
struct response *response = data;
struct client *client = response->client;
unsigned long flags;
+ struct fw_cdev_event_response *r = &response->response;
- if (length < response->response.length)
- response->response.length = length;
+ if (length < r->length)
+ r->length = length;
if (rcode == RCODE_COMPLETE)
- memcpy(response->response.data, payload,
- response->response.length);
+ memcpy(r->data, payload, r->length);
spin_lock_irqsave(&client->lock, flags);
list_del(&response->resource.link);
spin_unlock_irqrestore(&client->lock, flags);
- response->response.type = FW_CDEV_EVENT_RESPONSE;
- response->response.rcode = rcode;
- queue_event(client, &response->event, &response->response,
- sizeof(response->response) + response->response.length,
- NULL, 0);
+ r->type = FW_CDEV_EVENT_RESPONSE;
+ r->rcode = rcode;
+
+ /*
+ * In the case that sizeof(*r) doesn't align with the position of the
+ * data, and the read is short, preserve an extra copy of the data
+ * to stay compatible with a pre-2.6.27 bug. Since the bug is harmless
+ * for short reads and some apps depended on it, this is both safe
+ * and prudent for compatibility.
+ */
+ if (r->length <= sizeof(*r) - offsetof(typeof(*r), data))
+ queue_event(client, &response->event, r, sizeof(*r),
+ r->data, r->length);
+ else
+ queue_event(client, &response->event, r, sizeof(*r) + r->length,
+ NULL, 0);
}
static int ioctl_send_request(struct client *client, void *buffer)
Thanks,
--
Stefan Richter
-=====-==--- =--- --==-
http://arcgraph.de/sr/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists