lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100201210633.GC22747@atomide.com>
Date:	Mon, 1 Feb 2010 13:06:33 -0800
From:	Tony Lindgren <tony@...mide.com>
To:	d binderman <dcb314@...mail.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: arch/arm/mach-omap2/mux.c: Off by one error

* d binderman <dcb314@...mail.com> [100131 04:14]:
> 
> 
> Hello there,
> 
> I just ran the sourceforge tool cppcheck over the source code of the
> new Linux kernel 2.6.33-rc6
> 
> It said
> 
> [./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds
> 
> The source code is
> 
>         char mode[14];
>         int i = -1;
> 
>         sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
> 
> 13 characters + 1 digit + 1 zero byte is more than 14 characters.
> 
> Suggest new code
> 
>         char mode[15];
>         int i = -1;
> 
>         sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);

Thanks for reporting this.

I'll queue up the following fix for this for 2.6.34.

Regards,

Tony

From: Tony Lindgren <tony@...mide.com>
Date: Mon, 1 Feb 2010 13:03:42 -0800
Subject: [PATCH] omap: Fix arch/arm/mach-omap2/mux.c: Off by one error

David Binderman ran the sourceforge tool cppcheck over the source code of the
new Linux kernel 2.6.33-rc6:

[./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds

13 characters + 1 digit + 1 zero byte is more than 14 characters.

Reported-by: David Binderman <dcb314@...mail.com>
Signed-off-by: Tony Lindgren <tony@...mide.com>

diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
index 32764be..047aa57 100644
--- a/arch/arm/mach-omap2/mux.c
+++ b/arch/arm/mach-omap2/mux.c
@@ -486,7 +486,7 @@ int __init omap_mux_init_signal(char *muxname, int val)
 static inline void omap_mux_decode(struct seq_file *s, u16 val)
 {
 	char *flags[OMAP_MUX_MAX_NR_FLAGS];
-	char mode[14];
+	char mode[15];
 	int i = -1;
 
 	sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ