lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jul 2015 21:20:15 +0200 From: "Luis R. Rodriguez" <mcgrof@...e.com> To: Kees Cook <keescook@...omium.org>, David Howells <dhowells@...hat.com> Cc: "Luis R. Rodriguez" <mcgrof@...not-panic.com>, Ming Lei <ming.lei@...onical.com>, seth.forshee@...onical.com, Rusty Russell <rusty@...tcorp.com.au>, Linus Torvalds <torvalds@...ux-foundation.org>, David Howells <dhowells@...hat.com>, LKML <linux-kernel@...r.kernel.org>, Paul Bolle <pebolle@...cali.nl>, linux-wireless <linux-wireless@...r.kernel.org>, Greg KH <gregkh@...uxfoundation.org>, jlee@...e.com, Takashi Iwai <tiwai@...e.de>, Casey Schaufler <casey@...aufler-ca.com>, Matthew Garrett <mjg59@...f.ucam.org>, Andrew Morton <akpm@...ux-foundation.org>, Kyle McMartin <kyle@...nel.org>, David Woodhouse <David.Woodhouse@...el.com> Subject: Re: [RFC v3 2/2] firmware: add firmware signature checking support On Mon, Jun 08, 2015 at 12:56:44PM -0700, Kees Cook wrote: > On Mon, May 18, 2015 at 5:45 PM, Luis R. Rodriguez > <mcgrof@...not-panic.com> wrote: > > From: "Luis R. Rodriguez" <mcgrof@...e.com> > > > > diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c > > index 134dd77..97cab65 100644 > > --- a/drivers/base/firmware_class.c > > +++ b/drivers/base/firmware_class.c > > @@ -180,17 +190,33 @@ static struct firmware_buf *__allocate_fw_buf(const char *fw_name, > > struct firmware_cache *fwc) > > { > > struct firmware_buf *buf; > > + const char *sign_ext = ".p7s"; > > + char *signed_name; > > + > > + signed_name = kzalloc(PATH_MAX, GFP_ATOMIC); > > + if (!signed_name) > > + return NULL; > > > > buf = kzalloc(sizeof(*buf), GFP_ATOMIC); > > - if (!buf) > > + if (!buf) { > > + kfree(signed_name); > > return NULL; > > + } > > > > buf->fw_id = kstrdup_const(fw_name, GFP_ATOMIC); > > if (!buf->fw_id) { > > + kfree(signed_name); > > kfree(buf); > > return NULL; > > } > > > > + strcpy(signed_name, buf->fw_id); > > + strncat(signed_name, sign_ext, strlen(sign_ext)); > > fw_id is potentially unbounded, so using strncat hear poses an > overflow risk. Maybe better to use strlcpy? > Thanks for the feedback, indeed. Luis -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists