lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1258753394.2889.315.camel@mulgrave.site>
Date:	Fri, 20 Nov 2009 16:43:14 -0500
From:	James Bottomley <James.Bottomley@...e.de>
To:	Jeff Mahoney <jeffm@...freymahoney.com>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-scsi@...r.kernel.org
Subject: Re: [PATCH] enclosure: fix oops while iterating enclosure_status
 array

*really* (promise) adding linux-scsi to the cc list this time.

Patch looks fine to me, though, thanks.

James

On Thu, 2009-11-19 at 19:23 -0500, Jeff Mahoney wrote:
> enclosure_status is expected to be a NULL terminated array of strings
>  but isn't actually NULL terminated. When writing an invalid value to
>  /sys/class/enclosure/.../.../status, it goes off the end of the array
>  and Oopses.
> 
>  This patch uses the array size instead.
> 
> Reported-by: Artur Wojcik <artur.wojcik@...el.com>
> Signed-off-by: Jeff Mahoney <jeffm@...e.com>
> ---
>  drivers/misc/enclosure.c |    5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> --- a/drivers/misc/enclosure.c
> +++ b/drivers/misc/enclosure.c
> @@ -412,8 +412,9 @@ static ssize_t set_component_status(stru
>  	struct enclosure_component *ecomp = to_enclosure_component(cdev);
>  	int i;
>  
> -	for (i = 0; enclosure_status[i]; i++) {
> -		if (strncmp(buf, enclosure_status[i],
> +	for (i = 0; i < ARRAY_SIZE(enclosure_status); i++) {
> +		if (enclosure_status[i] &&
> +		    strncmp(buf, enclosure_status[i],
>  			    strlen(enclosure_status[i])) == 0 &&
>  		    (buf[strlen(enclosure_status[i])] == '\n' ||
>  		     buf[strlen(enclosure_status[i])] == '\0'))



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ