lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <88bcc7a2-0f30-6f45-c8a8-37e2777c8dff@kernel.org>
Date:	Sun, 24 Jul 2016 14:06:49 +0100
From:	Jonathan Cameron <jic23@...nel.org>
To:	William Breathitt Gray <vilhelm.gray@...il.com>, knaack.h@....de,
	lars@...afoo.de, pmeerw@...erw.net
Cc:	linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iio: stx104: Store channel output state values as int

On 13/07/16 15:43, William Breathitt Gray wrote:
> The val parameter has a data type of int in the read_raw and write_raw
> callbacks. The chan_out_states array should have elements of type int in
> order to match the data type of the val parameter.
> 
> This patch fixes a possible integer overflow condition when the the int
> pointer val is dereferenced to store the unsigned int chan_out_states
> element in the read_raw callback.
> 
> Fixes: 97a445dad37a ("iio: Add IIO support for the DAC on the Apex Embedded Systems STX104")
> Signed-off-by: William Breathitt Gray <vilhelm.gray@...il.com>
Isn't this only a problem if an out of range value was written
in the first place?  The values it'll take are only 16bits,
so a simple range check around that would fix the root problem.

J
> ---
>  drivers/iio/dac/stx104.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/iio/dac/stx104.c b/drivers/iio/dac/stx104.c
> index 792a971..b22b744 100644
> --- a/drivers/iio/dac/stx104.c
> +++ b/drivers/iio/dac/stx104.c
> @@ -47,7 +47,7 @@ MODULE_PARM_DESC(base, "Apex Embedded Systems STX104 base addresses");
>   * @base:		base port address of the IIO device
>   */
>  struct stx104_iio {
> -	unsigned chan_out_states[STX104_NUM_CHAN];
> +	int chan_out_states[STX104_NUM_CHAN];
>  	unsigned base;
>  };
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ