lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080922204129.GA3495@localhost>
Date:	Mon, 22 Sep 2008 22:41:29 +0200
From:	Mark de Wever <koraq@...all.nl>
To:	petkovbb@...il.com
Cc:	Sergei Shtylyov <sshtylyov@...mvista.com>,
	Gadi Oxman <gadio@...vision.net.il>,
	Bartlomiej Zolnierkiewicz <bzolnier@...il.com>,
	linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] IDE-TAPE NULL terminate strings.

On Mon, Sep 22, 2008 at 03:56:49PM +0200, Boris Petkov wrote:
> On Mon, Sep 22, 2008 at 3:16 PM, Sergei Shtylyov
> <sshtylyov@...mvista.com> wrote:
> > Hello.
> >
> .. and I know why :). Those ide_tape_obj members (char fw_rev[6], vendor_id[10],
> product_id[18]) were used only once in idetape_get_inquiry_results() so I moved
> them there as local stack variables. Originally, they were kzalloc'ed as part of
> struct ide_tape_obj and now they contain stack garbage therefore the funny
> values. The simple solution would be to zero them out or:
> 
> 
> Does the following patch help?

Yes feel free to add my tested-by.

Only not sure whether the static is the best solution, the following
patch also works, by zeroing the memory as you suggested.

Signed-off-by: Mark de Wever <koraq@...all.nl>

diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
index 1bce84b..c41f5b1 100644
--- a/drivers/ide/ide-tape.c
+++ b/drivers/ide/ide-tape.c
@@ -2338,7 +2338,7 @@ static void idetape_get_inquiry_results(ide_drive_t *drive)
 {
 	idetape_tape_t *tape = drive->driver_data;
 	struct ide_atapi_pc pc;
-	char fw_rev[6], vendor_id[10], product_id[18];
+	char fw_rev[6] = {'\0'}, vendor_id[10] = {'\0'}, product_id[18] = {'\0'};
 
 	idetape_create_inquiry_cmd(&pc);
 	if (idetape_queue_pc_tail(drive, &pc)) {

-- 
Regards,
Mark de Wever
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ