lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20090609122735.9a915cbf.akpm@linux-foundation.org>
Date:	Tue, 9 Jun 2009 12:27:35 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Jiri Slaby <jirislaby@...il.com>
Cc:	alan@...rguk.ukuu.org.uk, linux-kernel@...r.kernel.org,
	jirislaby@...il.com, eibach@...ys.de
Subject: Re: [PATCH 1/1] Char: moxa, prevent opening unavailable ports

On Tue,  9 Jun 2009 16:33:01 +0200
Jiri Slaby <jirislaby@...il.com> wrote:

> From: Dirk Eibach <eibach@...ys.de>
> 
> In moxa.c there are 32 minor numbers reserved for each device. The
> number of ports actually available per device is stored in
> moxa_board_conf->numPorts. This number is not considered in moxa_open().
> Opening a port that is not available results in a kernel oops.
> This patch adds a test to moxa_open() that prevents opening unavailable
> ports.
> 
> Signed-off-by: Dirk Eibach <eibach@...ys.de>
> Signed-off-by: Jiri Slaby <jirislaby@...il.com>
> ---
>  drivers/char/moxa.c |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/char/moxa.c b/drivers/char/moxa.c
> index 4a4cab7..65b6ff2 100644
> --- a/drivers/char/moxa.c
> +++ b/drivers/char/moxa.c
> @@ -1184,6 +1184,11 @@ static int moxa_open(struct tty_struct *tty, struct file *filp)
>  		return -ENODEV;
>  	}
>  
> +	if (port % MAX_PORTS_PER_BOARD >= brd->numPorts) {
> +		mutex_unlock(&moxa_openlock);
> +		return -ENODEV;
> +	}
> +
>  	ch = &brd->ports[port % MAX_PORTS_PER_BOARD];
>  	ch->port.count++;
>  	tty->driver_data = ch;

Looks good to me.  But please, let's avoid adding the
multiple-return-statement hand grenade?

--- a/drivers/char/moxa.c~char-moxa-prevent-opening-unavailable-ports
+++ a/drivers/char/moxa.c
@@ -1184,6 +1184,11 @@ static int moxa_open(struct tty_struct *
 		return -ENODEV;
 	}
 
+	if (port % MAX_PORTS_PER_BOARD >= brd->numPorts) {
+		retval = -ENODEV;
+		goto out_unlock;
+	}
+
 	ch = &brd->ports[port % MAX_PORTS_PER_BOARD];
 	ch->port.count++;
 	tty->driver_data = ch;
@@ -1208,8 +1213,8 @@ static int moxa_open(struct tty_struct *
 				moxa_close_port(tty);
 	} else
 		ch->port.flags |= ASYNC_NORMAL_ACTIVE;
+out_unlock:
 	mutex_unlock(&moxa_openlock);
-
 	return retval;
 }
 
_



btw, what's this code in moxa_open() doing?

	if (port == MAX_PORTS) {
		return capable(CAP_SYS_ADMIN) ? 0 : -EPERM;
	}

why does it return 0 if CAP_SYS_ADMIN?				
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ