Date:	Tue, 22 Apr 2014 11:47:05 +0200
From:	Pali Rohár <pali.rohar@...il.com>
To:	Pavel Machek <pavel@....cz>
Cc:	Dan Carpenter <dan.carpenter@...cle.com>, hans.verkuil@...co.com,
	m.chehab@...sung.com, ext-eero.nurkkala@...ia.com,
	nils.faerber@...nelconcepts.de, joni.lapilainen@...il.com,
	freemangordon@....bg, sre@...g0.de, Greg KH <greg@...ah.com>,
	trivial@...nel.org, kernel list <linux-kernel@...r.kernel.org>,
	linux-media@...r.kernel.org
Subject: Re: [PATCH] radio-bcm2048.c: fix wrong overflow check

On Tuesday 22 April 2014 11:38:36 Pavel Machek wrote:
> On Tue 2014-04-22 12:16:56, Dan Carpenter wrote:
> > On Tue, Apr 22, 2014 at 10:55:53AM +0200, Pali Rohár wrote:
> > > On Tuesday 22 April 2014 10:39:17 Dan Carpenter wrote:
> > > > On Sun, Apr 20, 2014 at 04:56:22PM +0200, Pavel Machek wrote:
> > > > > Fix wrong overflow check in radio-bcm2048.
> > > > > 
> > > > > Signed-off-by: Pali Rohár <pali.rohar@...il.com>
> > > > > Signed-off-by: Pavel Machek <pavel@....cz>
> > > > 
> > > > Signed off means like you're signing a legal document to
> > > > show that you didn't do anything illegal when you
> > > > handled the patch.  Was this patch authored by Pali? 
> > > > If so, then use the From: header.
> > > > 
> > > > Btw, I reported this bug on Dec 10 last year.  It's
> > > > better that we fix it now than not fix it at all but we
> > > > could have done better.  Was the kbuild-zero-day bug
> > > > report format confusing or how could I have helped out
> > > > there?
> > > > 
> > > > regards,
> > > > dan carpenter
> > > 
> > > Hello, I sent this patch months ago, but not generated by
> > > command git format-patch.
> > 
> > You should still have received authorship credit instead of
> > Pavel.  It's a newbie mistake which I have made myself. 
> > Pavel, use the From: header to give authorship credit.  It
> > goes on the first line of the email.
> > 
> > Did you send it to the correct list?  This patch should have
> > gone to linux-media@...r.kernel.org.  I see now that they
> > are not CC'd.  Please resend it to the correct list.
> 
> How many more mails need to be generated for single line
> trivial patch? It is staging driver, so Greg should take it.
> Anyway, cc-ed the list now.
> 
> > > And yes, this problem was reported by some public static
> > > code checker.
> > 
> > I was the public static code checker and I sent the bug
> > report from my @oracle.com email address.  Please, give me
> > a Reported-by credit since you are resending this patch
> > anyway.
> 
> Feel free to resubmit the patch yourself.
> 
> 									Pavel

I agree with Pavel, this patch, which fixes a buffer overflow bug, 
should have been already included in the kernel tree. And I think it 
really does not matter which From, To or Cc lines are specified 
for a single-line patch which was inspired by a static code checker. 
Better to have the bug fixed than to talk about who found it or who fixed it.

-- 
Pali Rohár
pali.rohar@...il.com
