lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 26 Jan 2016 18:31:49 +0100 (CET)
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Zhao Qiang <qiang.zhao@....com>
cc:	linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org,
	leoyang.li@....com, oss@...error.net, xiaobo.xie@....com
Subject: Re: [PATCH] qe_ic: fix a buffer overflow error and add check
 elsewhere

On Thu, 21 Jan 2016, Zhao Qiang wrote:

> 127 is the theoretical up boundary of QEIC number,
> in fact there only be 44 qe_ic_info now.
> add check to overflow for qe_ic_info

How do you trigger that overflow? The above does not explain WHY we need these
checks.

> diff --git a/drivers/soc/fsl/qe/qe_ic.c b/drivers/soc/fsl/qe/qe_ic.c
> index 5419527..90c00b7 100644
> --- a/drivers/soc/fsl/qe/qe_ic.c
> +++ b/drivers/soc/fsl/qe/qe_ic.c

Sigh. Another dump ground for SOC stuff? irq chip drivers belong into
drivers/irqchip.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ