lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6304b52b0912092004t646569bdm2a6bbc9bb2440aba@mail.gmail.com>
Date:	Thu, 10 Dec 2009 12:04:35 +0800
From:	Jerry Leo <jerryleo860202@...il.com>
To:	isdn@...ux-pingi.de
Cc:	linux-kernel@...r.kernel.org, isdn4linux@...tserv.isdn4linux.de,
	i4ldeveloper@...tserv.isdn4linux.de
Subject: [PATCH]about eicon: array subscript is above array bounds

Hi, Karsten Keil,

        When i compile eicon,there have some waning look like this:

           CC [M]  drivers/isdn/hardware/eicon/message.o
drivers/isdn/hardware/eicon/message.c: In function ‘add_b23’:
drivers/isdn/hardware/eicon/message.c:8426: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8427: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8434: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8435: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8436: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8447: warning: array subscript
is above array bounds

I think the array is short then be used,because the array's max length
is 20, then it will use long than this, the code is in
"drivers/isdn/hardware/eicon/divacapi.h" 1360L, 50994C  :


#define T30_MAX_STATION_ID_LENGTH       20
#define T30_MAX_SUBADDRESS_LENGTH       20
#define T30_MAX_PASSWORD_LENGTH         20

typedef struct t30_info_s T30_INFO;
struct t30_info_s {
  byte          code;
  byte          rate_div_2400;
  byte          resolution;
  byte          data_format;
  byte          pages_low;
  byte          pages_high;
  byte          operating_mode;
  byte          control_bits_low;
  byte          control_bits_high;
  byte          feature_bits_low;
  byte          feature_bits_high;
  byte          recording_properties;
  byte          universal_6;
  byte          universal_7;
  byte          station_id_len;
  byte          head_line_len;
  byte          station_id[T30_MAX_STATION_ID_LENGTH];
/* byte          head_line[];      */
/* byte          sub_sep_length;   */
/* byte          sub_sep_field[];  */
/* byte          pwd_length;       */
/* byte          pwd_field[];      */
/* byte          nsf_info_length;   */
/* byte          nsf_info_field[];  */
};

"drivers/isdn/hardware/eicon/message.c" 15071L, 487328C

        if (pos != 0)
        {
          if (CAPI_MAX_DATE_TIME_LENGTH + 2 +
b3_config_parms[3].length > CAPI_MAX_HEAD_LINE_SPACE)
            pos = 0;
          else
          {
            ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
            ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
            len = (byte)b3_config_parms[2].length;
            if (len > 20)
              len = 20;
            if (CAPI_MAX_DATE_TIME_LENGTH + 2 + len + 2 +
b3_config_parms[3].length <= CAPI_MAX_HEAD_LINE_SPACE)
            {
              for (i = 0; i < len; i++)
                ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ((byte
  *)b3_config_parms[2].info)[1+i];
              ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
              ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
            }
          }
        }



can this patch commit?


diff -up linux-2.6/drivers/isdn/hardware/eicon/divacapi.h
linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig
--- linux-2.6/drivers/isdn/hardware/eicon/divacapi.h	2009-12-10
12:02:46.000000000 +0800
+++ linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig	2009-12-10
11:04:07.000000000 +0800
@@ -445,7 +445,7 @@ struct _DIVA_CAPI_ADAPTER {
 #define CAPI_MAX_HEAD_LINE_SPACE        89
 #define CAPI_MAX_DATE_TIME_LENGTH       18

-#define T30_MAX_STATION_ID_LENGTH       30
+#define T30_MAX_STATION_ID_LENGTH       20
 #define T30_MAX_SUBADDRESS_LENGTH       20
 #define T30_MAX_PASSWORD_LENGTH         20

Download attachment "patch" of type "application/octet-stream" (499 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ