lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 25 Aug 2012 16:06:50 -0400
From:	Huang Shijie <shijie8@...il.com>
To:	dwmw2@...radead.org
Cc:	linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
	dedekind1@...il.com, Huang Shijie <shijie8@...il.com>
Subject: [PATCH v2] mtd: cmdlinepart: fix the wrong check condition

The `mtd_id` is set by the name of a mtd device driver.

As a nand controller driver, even we do not set the @name of
the mtd_info{}, the nand_get_flash_type() will set it with
the nand type's name. So the `mtd_id` can never be NULL in this
case.

But as a nor controller driver which may does not call the
nand_get_flash_type(), there is a risk that the `mtd_id` becames NULL.

If the `mtd_id` is NULL, the check condition will be true.
If we accidentally set some partitions in the kernel command line,
just like:
          #gpmi-nand:20m(boot),20m(kernel),1g(rootfs),-(user)

The cmdlinepart may parses out several mtd partitions right now.
This is obviously wrong. We even do not enable the gpmi-nand in
this case.

The patch comes from Artem's suggestion code which is better then mine.

Signed-off-by: Huang Shijie <shijie8@...il.com>
---
 drivers/mtd/cmdlinepart.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/drivers/mtd/cmdlinepart.c b/drivers/mtd/cmdlinepart.c
index fc960a3..216d751 100644
--- a/drivers/mtd/cmdlinepart.c
+++ b/drivers/mtd/cmdlinepart.c
@@ -322,13 +322,16 @@ static int parse_cmdline_partitions(struct mtd_info *master,
 	struct cmdline_mtd_partition *part;
 	const char *mtd_id = master->name;
 
+	if (!mtd_id)
+		return 0;
+
 	/* parse command line */
 	if (!cmdline_parsed)
 		mtdpart_setup_real(cmdline);
 
 	for(part = partitions; part; part = part->next)
 	{
-		if ((!mtd_id) || (!strcmp(part->mtd_id, mtd_id)))
+		if (!strcmp(part->mtd_id, mtd_id))
 		{
 			for(i = 0, offset = 0; i < part->num_parts; i++)
 			{
-- 
1.7.4.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ