lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110208145301.GO14984@redhat.com>
Date:	Tue, 8 Feb 2011 16:53:01 +0200
From:	Gleb Natapov <gleb@...hat.com>
To:	linux-kernel@...r.kernel.org
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, x86@...nel.org
Subject: Re: [PATCHv2] Fix EDD3.0 data verification.

Peter, ping.

Is this version acceptable?

On Thu, Feb 03, 2011 at 02:29:48PM +0200, Gleb Natapov wrote:
> Check for nonzero path in edd_has_edd30() has no sense. First, it looks
> at the wrong memory. Device path starts at offset 30 of the info->params
> structure which is at offset 8 from the beginning of info structure, but
> code looks at info + 4 instead. This was correct when code was introduced,
> but around v2.6.4 three more fields were added to edd_info structure
> (commit 66b61a5c in history.git). Second, even if it will check correct
> memory it will always succeed since at offset 30 (params->key) there will
> be non-zero values otherwise previous check would fail.
> 
> The patch replaces this bogus check with one that verifies checksum.
> 
> Signed-off-by: Gleb Natapov <gleb@...hat.com>
> ---
> v1->v2
>   use device path info length to calculate csum.
> 
> diff --git a/drivers/firmware/edd.c b/drivers/firmware/edd.c
> index 96c25d9..f1b7f65 100644
> --- a/drivers/firmware/edd.c
> +++ b/drivers/firmware/edd.c
> @@ -531,8 +531,8 @@ static int
>  edd_has_edd30(struct edd_device *edev)
>  {
>  	struct edd_info *info;
> -	int i, nonzero_path = 0;
> -	char c;
> +	int i;
> +	u8 csum = 0;
>  
>  	if (!edev)
>  		return 0;
> @@ -544,16 +544,16 @@ edd_has_edd30(struct edd_device *edev)
>  		return 0;
>  	}
>  
> -	for (i = 30; i <= 73; i++) {
> -		c = *(((uint8_t *) info) + i + 4);
> -		if (c) {
> -			nonzero_path++;
> -			break;
> -		}
> -	}
> -	if (!nonzero_path) {
> +
> +	/* We support only T13 spec */
> +	if (info->params.device_path_info_length != 44)
> +		return 0;
> +
> +	for (i = 30; i < info->params.device_path_info_length + 30; i++)
> +		csum += *(((u8 *)&info->params) + i);
> +
> +	if (csum)
>  		return 0;
> -	}
>  
>  	return 1;
>  }
> --
> 			Gleb.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

--
			Gleb.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ