lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9ea470500809220656j6dfcf4c9q7a5a4185481ec994@mail.gmail.com>
Date:	Mon, 22 Sep 2008 15:56:49 +0200
From:	"Boris Petkov" <petkovbb@...glemail.com>
To:	"Sergei Shtylyov" <sshtylyov@...mvista.com>
Cc:	"Mark de Wever" <koraq@...all.nl>,
	"Gadi Oxman" <gadio@...vision.net.il>,
	"Bartlomiej Zolnierkiewicz" <bzolnier@...il.com>,
	linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] IDE-TAPE NULL terminate strings.

On Mon, Sep 22, 2008 at 3:16 PM, Sergei Shtylyov
<sshtylyov@...mvista.com> wrote:
> Hello.
>
> Mark de Wever wrote:
>
>> After updating my kernel to 2.6.26 the output for the ide-tape drive
>> during booting is garbled eg
>> ide-tape: hdd <-> ht0: Seagate <98>ß8A51|1À<81>ܺ<98>ß STT20000A rev
>> 8A51|1À<81>ܺ<98>ß
>
>> This patch fixes the problem by NULL terminating the strings.
>
>   Looks like this bugs was introduced by this commit:
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=41f81d545b6b1f585a02d1d8545978714f710e91

.. and I know why :). Those ide_tape_obj members (char fw_rev[6], vendor_id[10],
product_id[18]) were used only once in idetape_get_inquiry_results() so I moved
them there as local stack variables. Originally, they were kzalloc'ed as part of
struct ide_tape_obj and now they contain stack garbage therefore the funny
values. The simple solution would be to zero them out or:


Does the following patch help?

Signed-off-by: Borislav Petkov <petkovbb@...il.com>

diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
index 1bce84b..848d9df 100644
--- a/drivers/ide/ide-tape.c
+++ b/drivers/ide/ide-tape.c
@@ -2338,7 +2338,7 @@ static void
idetape_get_inquiry_results(ide_drive_t *drive)
 {
 	idetape_tape_t *tape = drive->driver_data;
 	struct ide_atapi_pc pc;
-	char fw_rev[6], vendor_id[10], product_id[18];
+	static char fw_rev[6], vendor_id[10], product_id[18];

 	idetape_create_inquiry_cmd(&pc);
 	if (idetape_queue_pc_tail(drive, &pc)) {


-- 
Regards/Gruss,
Boris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ