lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6304b52b0912101731q5870de82qf8ca00846db90e1@mail.gmail.com>
Date:	Fri, 11 Dec 2009 09:31:36 +0800
From:	Jerry Leo <jerryleo860202@...il.com>
To:	isdn@...ux-pingi.de
Cc:	linux-kernel@...r.kernel.org, isdn4linux@...tserv.isdn4linux.de,
	i4ldeveloper@...tserv.isdn4linux.de,
	Armin Schindler <armin@...ware.de>
Subject: Re: [PATCH]about eicon: array subscript is above array bounds

Okay,

       this is the patch i have tested. :)

diff --git a/linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig
b/linux-2.6/drivers/isdn/hardware/eicon/divacapi.h
index 9f5b680..d9462f7 100644
--- a/linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig
+++ b/linux-2.6/drivers/isdn/hardware/eicon/divacapi.h
@@ -445,7 +445,7 @@ struct _DIVA_CAPI_ADAPTER {
 #define CAPI_MAX_HEAD_LINE_SPACE        89
 #define CAPI_MAX_DATE_TIME_LENGTH       18

-#define T30_MAX_STATION_ID_LENGTH       20
+#define T30_MAX_STATION_ID_LENGTH       30
 #define T30_MAX_SUBADDRESS_LENGTH       20
 #define T30_MAX_PASSWORD_LENGTH         20


thanks,:)


best regards!
                        JerryLeo




2009/12/10 Karsten Keil <isdn@...ux-pingi.de>:
> On Donnerstag, 10. Dezember 2009 05:04:35 Jerry Leo wrote:
>> Hi, Karsten Keil,
>>
>>         When i compile eicon,there have some waning look like this:
>
> This looks wrong, but I do not know this part so well.
>
> Armin ?
>
>>
>>            CC [M]  drivers/isdn/hardware/eicon/message.o
>> drivers/isdn/hardware/eicon/message.c: In function ‘add_b23’:
>> drivers/isdn/hardware/eicon/message.c:8426: warning: array subscript
>> is above array bounds
>> drivers/isdn/hardware/eicon/message.c:8427: warning: array subscript
>> is above array bounds
>> drivers/isdn/hardware/eicon/message.c:8434: warning: array subscript
>> is above array bounds
>> drivers/isdn/hardware/eicon/message.c:8435: warning: array subscript
>> is above array bounds
>> drivers/isdn/hardware/eicon/message.c:8436: warning: array subscript
>> is above array bounds
>> drivers/isdn/hardware/eicon/message.c:8447: warning: array subscript
>> is above array bounds
>>
>> I think the array is short then be used,because the array's max length
>> is 20, then it will use long than this, the code is in
>> "drivers/isdn/hardware/eicon/divacapi.h" 1360L, 50994C  :
>>
>>
>> #define T30_MAX_STATION_ID_LENGTH       20
>> #define T30_MAX_SUBADDRESS_LENGTH       20
>> #define T30_MAX_PASSWORD_LENGTH         20
>>
>> typedef struct t30_info_s T30_INFO;
>> struct t30_info_s {
>>   byte          code;
>>   byte          rate_div_2400;
>>   byte          resolution;
>>   byte          data_format;
>>   byte          pages_low;
>>   byte          pages_high;
>>   byte          operating_mode;
>>   byte          control_bits_low;
>>   byte          control_bits_high;
>>   byte          feature_bits_low;
>>   byte          feature_bits_high;
>>   byte          recording_properties;
>>   byte          universal_6;
>>   byte          universal_7;
>>   byte          station_id_len;
>>   byte          head_line_len;
>>   byte          station_id[T30_MAX_STATION_ID_LENGTH];
>> /* byte          head_line[];      */
>> /* byte          sub_sep_length;   */
>> /* byte          sub_sep_field[];  */
>> /* byte          pwd_length;       */
>> /* byte          pwd_field[];      */
>> /* byte          nsf_info_length;   */
>> /* byte          nsf_info_field[];  */
>> };
>>
>> "drivers/isdn/hardware/eicon/message.c" 15071L, 487328C
>>
>>         if (pos != 0)
>>         {
>>           if (CAPI_MAX_DATE_TIME_LENGTH + 2 +
>> b3_config_parms[3].length > CAPI_MAX_HEAD_LINE_SPACE)
>>             pos = 0;
>>           else
>>           {
>>             ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>>             ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>>             len = (byte)b3_config_parms[2].length;
>>             if (len > 20)
>>               len = 20;
>>             if (CAPI_MAX_DATE_TIME_LENGTH + 2 + len + 2 +
>> b3_config_parms[3].length <= CAPI_MAX_HEAD_LINE_SPACE)
>>             {
>>               for (i = 0; i < len; i++)
>>                 ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ((byte
>>   *)b3_config_parms[2].info)[1+i];
>>               ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>>               ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>>             }
>>           }
>>         }
>>
>>
>>
>> can this patch commit?
>>
>
> Wrong fileorder, this is a reverse patch.
> But I  think the code should be fixed.
>
>>
>> diff -up linux-2.6/drivers/isdn/hardware/eicon/divacapi.h
>> linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig
>> --- linux-2.6/drivers/isdn/hardware/eicon/divacapi.h  2009-12-10
>> 12:02:46.000000000 +0800
>> +++ linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig     2009-12-10
>> 11:04:07.000000000 +0800
>> @@ -445,7 +445,7 @@ struct _DIVA_CAPI_ADAPTER {
>>  #define CAPI_MAX_HEAD_LINE_SPACE        89
>>  #define CAPI_MAX_DATE_TIME_LENGTH       18
>>
>> -#define T30_MAX_STATION_ID_LENGTH       30
>> +#define T30_MAX_STATION_ID_LENGTH       20
>>  #define T30_MAX_SUBADDRESS_LENGTH       20
>>  #define T30_MAX_PASSWORD_LENGTH         20
>>
>

Download attachment "patch" of type "application/octet-stream" (579 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ