lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 21 Aug 2016 11:46:01 -0700
From:   Joe Perches <joe@...ches.com>
To:     Heinrich Schuchardt <xypron.glpk@....de>,
        Patrik Jakobsson <patrik.r.jakobsson@...il.com>
Cc:     David Airlie <airlied@...ux.ie>, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drm/gma500: dont expose bytes from kernel stack

On Sun, 2016-08-21 at 20:39 +0200, Heinrich Schuchardt wrote:
> Components m1, m2, p2, dot, vco of variable clock should be
> initialized to avoid bytes from the kernel stack to be
> exposed.

How was this found? visual code inspection?

And isn't this true for mrst_lvds_find_best_pll as well?

> a@@ -138,6 +138,7 @@ static bool mrst_sdvo_find_best_pll(const struct gma_limit_t *limit,
>  	u32 target_vco, actual_freq;
>  	s32 freq_error, min_error = 100000;
>  
> +	memset(clock, 0, sizeof(struct gma_clock_t));
>  	memset(best_clock, 0, sizeof(*best_clock));
>  
>  	for (clock.m = limit->m.min; clock.m <= limit->m.max; clock.m++) {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ