| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Nov 2011 08:59:52 -0500 From: Xi Wang <xi.wang@...il.com> To: Dan Carpenter <dan.carpenter@...cle.com> Cc: linux-kernel@...r.kernel.org, devel@...verdev.osuosl.org, Mori Hess <fmhess@...rs.sourceforge.net>, security@...nel.org, Lucas De Marchi <lucas.demarchi@...fusion.mobi>, Greg Kroah-Hartman <gregkh@...e.de>, Ian Abbott <abbotti@....co.uk>, Franky Lin <frankyl@...adcom.com>, Greg Dietsche <Gregory.Dietsche@....edu>, Mark Pearson <markpearson_de@...oo.de> Subject: Re: [PATCH] comedi: integer overflow in do_insnlist_ioctl() Thanks for the pointer. However you cannot do the overflow check using if (sizeof(struct comedi_insn) * insnlist.n_insns < insnlist.n_insns) Let's assume 32-bit system, sizeof(struct comedi_insn) = 32, and insnlist.n_insns = 0x7fffffff. Note that 32 * 0x7fffffff = 0xffffffe0 overflows but bypasses your check. - xi On Wed, Nov 23, 2011 at 1:13 AM, Dan Carpenter <dan.carpenter@...cle.com> wrote: > I sent a patch for this already. > > http://driverdev.linuxdriverproject.org/pipermail/devel/2011-November/022469.html > > regards, > dan carpenter > > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists