lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2eaa0bc260592a1ab8fa5184261091c0@mail.gmail.com>
Date:   Wed, 8 Mar 2017 21:45:51 +0530
From:   Kashyap Desai <kashyap.desai@...adcom.com>
To:     Bart Van Assche <Bart.VanAssche@...disk.com>, hch@...radead.org
Cc:     linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: RE: out of range LBA using sg_raw

> -----Original Message-----
> From: Bart Van Assche [mailto:Bart.VanAssche@...disk.com]
> Sent: Wednesday, March 08, 2017 9:35 PM
> To: hch@...radead.org; kashyap.desai@...adcom.com
> Cc: linux-scsi@...r.kernel.org; linux-kernel@...r.kernel.org
> Subject: Re: out of range LBA using sg_raw
>
> On Wed, 2017-03-08 at 21:29 +0530, Kashyap Desai wrote:
> > Also one more fault I can generate using below sg_raw command -
> >
> > "sg_raw -r 32k /dev/sdx 28 00 01 4f ff ff 00 00 08 00"
> >
> > Provide more scsi data length compare to actual SG buffer. Do you
> > suggest such SG_IO interface vulnerability is good to be captured in
driver.
>
> That's not a vulnerability of the SG I/O interface. A SCSI device has to
set the
> residual count correctly if the SCSI data length does not match the size
of the
> data buffer.

Thanks Bart.  I will pass this information to Broadcom firmware dev. May
be a Tx/Rx (DMA) related code in MR (also for Fusion IT HBA)  cannot
handle due to some sanity checks are not passed.

>
> Bart.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ