| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5620971D.8040103@wanadoo.fr> Date: Fri, 16 Oct 2015 08:20:13 +0200 From: Christophe JAILLET <christophe.jaillet@...adoo.fr> To: Michael Ellerman <mpe@...erman.id.au> Cc: benh@...nel.crashing.org, paulus@...ba.org, linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: Re: [PATCH v2] powerpc/mpc5xxx: Avoid dereferencing potentially freed memory Le 15/10/2015 08:36, Michael Ellerman a écrit : > On Thu, 2015-10-15 at 07:56 +0200, Christophe JAILLET wrote: >> Use 'of_property_read_u32()' instead of 'of_get_property()'+pointer >> dereference in order to avoid access to potentially freed memory. >> >> Use 'of_get_next_parent()' to simplify the while() loop and avoid the >> need of a temp variable. >> >> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr> >> --- >> v2: Use of_property_read_u32 instead of of_get_property+pointer dereference >> *** Untested *** > Thanks. > > Can someone with an mpc5xxx test this? > > cheers > Hi, I don't think it is an issue, but while looking at another similar patch, I noticed that the proposed patch adds a call to be32_to_cpup() (within of_property_read_u32). Apparently, powerPC is a BE architecture, so this call should be a no-op. Just wanted to point it out, in case of. Best regards, CJ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists