| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87vc5qxpwh.fsf@nemi.mork.no>
Date: Fri, 07 Jun 2013 10:53:50 +0200
From: Bjørn Mork <bjorn@...k.no>
To: Adam Lee <adam.lee@...onical.com>
Cc: linux-kernel@...r.kernel.org, platform-driver-x86@...r.kernel.org,
ibm-acpi-devel@...ts.sourceforge.net,
Matthew Garrett <matthew.garrett@...ula.com>,
Henrique de Moraes Holschuh <ibm-acpi@....eng.br>,
Alex Hung <alex.hung@...onical.com>
Subject: Re: [PATCH 1/3] thinkpad_acpi: return -NODEV while operating uninitialized LEDs
Adam Lee <adam.lee@...onical.com> writes:
> --- a/drivers/platform/x86/thinkpad_acpi.c
> +++ b/drivers/platform/x86/thinkpad_acpi.c
> @@ -5401,9 +5401,12 @@ static int led_write(char *buf)
> return -ENODEV;
>
> while ((cmd = next_cmd(&buf))) {
> - if (sscanf(cmd, "%d", &led) != 1 || led < 0 || led > 15)
> + if (sscanf(cmd, "%d", &led) != 1)
> return -EINVAL;
>
> + if (!tpacpi_leds[led].led)
> + return -ENODEV;
This looks risky. Why did you remove the index sanity check? What will
happen now if the input is e.g "-1" or "42"?
BTW, the magic number 15 should probably be (TPACPI_LED_NUMLEDS - 1)
instead.
Bjørn
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists