| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161024115851.GM4418@mwanda>
Date: Mon, 24 Oct 2016 14:58:51 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Michael Zoran <mzoran@...wfest.net>
Cc: gregkh@...uxfoundation.org, devel@...verdev.osuosl.org,
daniels@...labora.com, linux-kernel@...r.kernel.org,
eric@...olt.net, noralf@...nnes.org, popcornmix@...il.com
Subject: Re: [PATCH 1/2] staging: vc04_services: Fix unportable cast in
vchiq_copy_from_user
On Mon, Oct 24, 2016 at 04:39:49AM -0700, Michael Zoran wrote:
> On Mon, 2016-10-24 at 14:36 +0300, Dan Carpenter wrote:
> > On Mon, Oct 24, 2016 at 04:09:37AM -0700, Michael Zoran wrote:
> > > I didn't think it looked totally correct, but I'm not sure it's any
> > > more broken then what is already in the tree.
> >
> > It's not more broken. But better to leave the compile warning there
> > to
> > mark that it is an obvious security problem.
> >
> > >
> > > If you can kindly point me to some other source code or
> > > documentation
> > > to look at that is correct, I'm more then willing to fix the patch.
> > >
> >
> > I was hoping the maintainers could chip in, because I didn't want to
> > look at the code. We really need to track which are use pointers and
> > which are kernel pointers. We can't mix them like this.
> >
> > regards,
> > dan carpenter
> >
>
> The problem is that I'm mostly interested in arm64 ATM, and I don't
> think the existing code works at all with 64 bit pointers.
>
> Broken as it may be...
It's a security issue. We'll get this fixed in a day or two.
regards,
dan carpenter
Powered by blists - more mailing lists