| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1453148090.2363.13.camel@HansenPartnership.com> Date: Mon, 18 Jan 2016 12:14:50 -0800 From: James Bottomley <James.Bottomley@...senPartnership.com> To: Insu Yun <wuninsu@...il.com>, martin.petersen@...cle.com, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org Cc: taesoo@...ech.edu, yeongjin.jang@...ech.edu, insu@...ech.edu, changwoo@...ech.edu Subject: Re: [PATCH] scsi: fix potential integer signedness problem On Mon, 2016-01-18 at 14:55 -0500, Insu Yun wrote: > Since len is signed integer variable, it is better to check > whether len is non-negative or not. > If non-negative value len gives, it can cause heap overflow. Hey, this patch is full of a ton of undocumented (and mostly spurious) whitespace changes, which make it very hard to see the actual patch > Signed-off-by: Insu Yun <wuninsu@...il.com> > --- > drivers/scsi/scsi_lib.c | 33 ++++++++++++++++++--------------- > 1 file changed, 18 insertions(+), 15 deletions(-) [...] Which is this, I think: > @@ -2349,6 +2349,9 @@ scsi_mode_select(struct scsi_device *sdev, int > pf, int sp, int modepage, > unsigned char *real_buffer; > int ret; > > + if (len < 0) > + return -EINVAL; > + > memset(cmd, 0, sizeof(cmd)); > cmd[1] = (pf ? 0x10 : 0) | (sp ? 0x01 : 0); What's the actual problem here? There's only one user of scsi_mode_select: an internal one which always sends in a positive length, so this check is entirely unnecessary. James
Powered by blists - more mailing lists