lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 15 Jan 2013 16:11:47 +0100
From:	Sjur BRENDELAND <sjur.brandeland@...ricsson.com>
To:	Ido Yariv <ido@...ery.com>
Cc:	Ohad Ben-Cohen <ohad@...ery.com>,
	Linus Walleij <linus.walleij@...aro.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Sjur Brændeland <sjur@...ndeland.net>
Subject: RE: [RFCv2 08/11] remoteproc: Refactor function
 rproc_elf_find_rsc_table

Hi Ido,

> > +static struct elf32_shdr *
> > +find_rsc_shdr(struct device *dev, struct elf32_hdr *ehdr)
> >  {
> > -	struct elf32_hdr *ehdr;
> >  	struct elf32_shdr *shdr;
> > +	int i;
> >  	const char *name_table;
> > -	struct device *dev = &rproc->dev;
> >  	struct resource_table *table = NULL;
> > -	int i;
> > -	const u8 *elf_data = fw->data;
> > +	const u8 *elf_data = (void *)ehdr;
> >
> > -	ehdr = (struct elf32_hdr *)elf_data;
> > +	/* look for the resource table and handle it */
> >  	shdr = (struct elf32_shdr *)(elf_data + ehdr->e_shoff);
> >  	name_table = elf_data + shdr[ehdr->e_shstrndx].sh_offset;
> >
> > -	/* look for the resource table and handle it */
> >  	for (i = 0; i < ehdr->e_shnum; i++, shdr++) {
> >  		int size = shdr->sh_size;
> >  		int offset = shdr->sh_offset;
> > @@ -249,12 +230,6 @@ rproc_elf_find_rsc_table(struct rproc *rproc, const
> struct firmware *fw,
> >
> >  		table = (struct resource_table *)(elf_data + offset);
> >
> > -		/* make sure we have the entire table */
> > -		if (offset + size > fw->size) {
> > -			dev_err(dev, "resource table truncated\n");
> > -			return NULL;
> > -		}
> > -
> 
> This should probably be kept in the internal function, since it
> dereferences the table as well. Moreover, this function will also be
> called from other function locations.

OK, I can do that.

> 
> It might also be a good idea to verify the offset as well, not just the
> size.

I'm not sure what you have in mind here. What sort of checks would you do on offset?

Regards,
Sjur
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ