lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 4 Oct 2010 16:11:10 +0200
From:	Antonio Ospite <ospite@...denti.unina.it>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	linux-input@...r.kernel.org, Alan Ott <alan@...nal11.us>,
	Oliver Neukum <oliver@...kum.name>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] HID: hidraw, fix a NULL pointer dereference in
 hidraw_ioctl

On Mon, 4 Oct 2010 15:50:31 +0200 (CEST)
Jiri Kosina <jkosina@...e.cz> wrote:

> On Sat, 2 Oct 2010, Antonio Ospite wrote:
> 
> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
> > IP: [<ffffffffa02c66b4>] hidraw_ioctl+0xfc/0x32c [hid]
> > [...]
> > 
[...]
> > 
> > Signed-off-by: Antonio Ospite <ospite@...denti.unina.it>
> > ---
> > Should this be applied to older stable kernels too?
> 
> Yes, I will be adding (or feel free to do so yourself with another respin) 
> "Cc: stable@...nel.org" line.
>

Ok, I am resending it along with the other fix.

> > there is a similar problem when _writing_ to the device, but Alan's
> > changes in that area are shuffling the code a bit, should I send a patch
> > [to hidraw_send_report()] on top of Alan's work for that, or a fix for
> > current mainline [in hidraw_write()] on which Alan should rebase his
> > work would be better?
> 
> Please send me the fix for current mainline for now, i.e. respin with the 
> write path covered as well. We are struggling to get feedback on Alan's 
> patches from Bluetooth maintainer, so we'd rather have this race fixed in 
> any case.
>

Ok, I hope having Alan to resend his changes again rebased on these
fixes will bring the discussion on that up again.

Regards,
   Antonio

-- 
Antonio Ospite
http://ao2.it

PGP public key ID: 0x4553B001

A: Because it messes up the order in which people normally read text.
   See http://en.wikipedia.org/wiki/Posting_style
Q: Why is top-posting such a bad thing?

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ