| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1439372765.705411926@f362.i.mail.ru> Date: Wed, 12 Aug 2015 12:46:05 +0300 From: Alexander Shiyan <shc_work@...l.ru> To: cantona <cantona@...tona.net> Cc: Jiri Slaby <jslaby@...e.com>, linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: Re: [PATCH v2] serial: max310x: Fix out of bounds access > Среда, 12 августа 2015, 15:36 +08:00 от cantona <cantona@...tona.net>: > > > added Alexander Shiyan < shc_work@...l.ru >. > > On 12 August 2015 at 15:22, Su Kang Yin < cantona@...tona.net > wrote: > >Max310x driver supports up to 4 UART devices but array size of > >"struct max310x_one" is set to 1. That leads to out of bounds > >access on UART port registration. > > > >This patch fixed it by increase the array size to 4 which is > >maximum supported UART. > > > >Signed-off-by: Su Kang Yin < cantona@...tona.net > > >--- ... This seems incorrect. The number of ports is allocated dynamically by: ... /* Alloc port structure */ s = devm_kzalloc(dev, sizeof(*s) + sizeof(struct max310x_one) * devtype->nr, GFP_KERNEL); ... Thanks. ---
Powered by blists - more mailing lists