lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20111031143606.GQ6635@beardog.cce.hp.com>
Date:	Mon, 31 Oct 2011 09:36:06 -0500
From:	scameron@...rdog.cce.hp.com
To:	James Bottomley <James.Bottomley@...senPartnership.com>
Cc:	stephenmcameron@...il.com, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org,
	mikem@...rdog.cce.hp.com, scameron@...rdog.cce.hp.com
Subject: Re: [PATCH 4/5] hpsa: fix potential array overflow in hpsa_update_scsi_devices

On Sun, Oct 30, 2011 at 02:16:22PM +0400, James Bottomley wrote:
> On Wed, 2011-10-26 at 16:21 -0500, Stephen M. Cameron wrote:
> > From: Scott Teel <scott.teel@...com>
> > 
> > The currentsd[] array in hpsa_update_scsi_devices had room for
> > 256 devices.  The code was iterating over however many physical
> > and logical devices plus an additional number of possible external
> > MSA2XXX controllers, which together could potentially exceed 256.
> > 
> > We increased the size of the currentsd array to 1024 + 1024 + 32 + 1
> > elements to reflect a reasonable maximum possible number of devices
> > which might be encountered.  We also don't just walk off the end
> > of the array if the array controller reports more devices than we
> > are prepared to handle, we just ignore the excessive devices.
> > 
> > Signed-off-by: Scott Teel <scott.teel@...com>
> > Acked-by: Stephen M. Cameron <scameron@...rdog.cce.hp.com>
> 
> This should be Signed-off-by not Acked-by.  The reason is that the
> signoffs track whose hands the patch passes through.  If you send
> Scott's patch to me, it must have your signoff.  If Scott sends the
> patch directly to me and then you OK it on the list, then I'll add
> Acked-by.  I've assumed your acquiescence to correcting this in my tree.
> 
> James
> 

Thanks James.  

I don't often have patches from other people to forward, so I tend to
forget how it's supposed to work.   I'll try to remember that for next time.

-- steve

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ