| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1304478412-11843-4-git-send-email-gong.chen@linux.intel.com>
Date: Wed, 4 May 2011 11:06:52 +0800
From: Chen Gong <gong.chen@...ux.intel.com>
To: tony.luck@...el.com, ying.huang@...el.com
Cc: linux-kernel@...r.kernel.org, linux-acpi@...r.kernel.org,
Chen Gong <gong.chen@...ux.intel.com>
Subject: [PATCH 3/3] fix potential logic issue in pstore read interface
1) in the calling of erst_read, the parameter of buffer size
maybe overflows and cause crash
2) the return value of erst_read should be checked more strictly
Signed-off-by: Chen Gong <gong.chen@...ux.intel.com>
---
drivers/acpi/apei/erst.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/drivers/acpi/apei/erst.c b/drivers/acpi/apei/erst.c
index ddb68c4..e6cef8e 100644
--- a/drivers/acpi/apei/erst.c
+++ b/drivers/acpi/apei/erst.c
@@ -1006,7 +1006,14 @@ skip:
}
len = erst_read(record_id, &rcd->hdr, sizeof(*rcd) +
- erst_erange.size);
+ erst_info.bufsize);
+ /* The record may be cleared by others, try read next record */
+ if (len == -ENOENT)
+ goto skip;
+ else if (len < 0) {
+ rc = -1;
+ goto out;
+ }
if (uuid_le_cmp(rcd->hdr.creator_id, CPER_CREATOR_PSTORE) != 0)
goto skip;
--
1.7.5.185.g0b9dee
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists