lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1429491259.27863.1.camel@perches.com>
Date:	Sun, 19 Apr 2015 17:54:19 -0700
From:	Joe Perches <joe@...ches.com>
To:	Yorick Rommers <yorick-rommers@...mail.com>
Cc:	lidza.louina@...il.com, gregkh@...uxfoundation.org,
	markh@...pro.net, driverdev-devel@...uxdriverproject.org,
	devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Staging: dgnc: Using temporary value for repeated
 dereferences.

On Sun, 2015-04-19 at 23:58 +0200, Yorick Rommers wrote:
> Hello Joe,
> 
> Thank you once again for the feedback.
> I've changed my patch accordingly, see below.
> 
> --------------------------------------
> 
> A patch for a line being too long (>80) in dgnc_mgmt.c,
> fixed by making a temporary value for dgnc_Board[brd],
> replacing all instanced of dgnc_Board[brd] with temporary value,
> and removing unnecessary typecasts.
> 
> Signed-off-by: Yorick Rommers <yorick-rommers@...mail.com>
> ---
>  drivers/staging/dgnc/dgnc_mgmt.c | 17 +++++++++--------
>  1 file changed, 9 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/staging/dgnc/dgnc_mgmt.c b/drivers/staging/dgnc/dgnc_mgmt.c
> index b13318a..0437117 100644
> --- a/drivers/staging/dgnc/dgnc_mgmt.c
> +++ b/drivers/staging/dgnc/dgnc_mgmt.c
> @@ -131,6 +131,7 @@ long dgnc_mgmt_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
>  		int brd;
> 
>  		struct digi_info di;
> +		struct dgnc_board *bd = dgnc_Board[brd];

Please read the code.
brd is got from userspace and you've dereferenced
it before getting the value from userspace.

>  		if (copy_from_user(&brd, uarg, sizeof(int)))
>  			return -EFAULT;

Look again at the code I suggested.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ