lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Apr 2017 15:26:02 +0200 From: Johan Hovold <johan@...nel.org> To: Kalle Valo <kvalo@....qualcomm.com> Cc: Johan Hovold <johan@...nel.org>, ath9k-devel <ath9k-devel@....qualcomm.com>, Daniel Drake <dsd@...too.org>, Ulrich Kunitz <kune@...ne-taler.de>, "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 1/2] wireless: ath9k_htc: fix NULL-deref at probe On Mon, Apr 03, 2017 at 01:21:08PM +0000, Kalle Valo wrote: > Johan Hovold <johan@...nel.org> writes: > > > On Mon, Apr 03, 2017 at 01:02:28PM +0000, Kalle Valo wrote: > >> Kalle Valo <kvalo@...eaurora.org> writes: > >> > >> > Johan Hovold <johan@...nel.org> writes: > >> > > >> >> On Mon, Mar 13, 2017 at 01:44:20PM +0100, Johan Hovold wrote: > >> >>> Make sure to check the number of endpoints to avoid dereferencing a > >> >>> NULL-pointer or accessing memory beyond the endpoint array should a > >> >>> malicious device lack the expected endpoints. > >> >>> > >> >>> Fixes: 36bcce430657 ("ath9k_htc: Handle storage devices") > >> >>> Cc: Sujith Manoharan <Sujith.Manoharan@...eros.com> > >> >>> Signed-off-by: Johan Hovold <johan@...nel.org> > >> >> > >> >> Is this one still in your queue, Kalle? > >> > > >> > Yes, I'm just lacking behing: > >> > > >> > https://patchwork.kernel.org/patch/9620723/ > >> > >> Meant "lagging" of course. Mondays.. > >> > >> >> As I mentioned earlier, I should have added a > >> >> > >> >> Cc: stable <stable@...r.kernel.org> # 2.6.39 > >> >> > >> >> but left it out as I mistakingly thought the net recommendations to do > >> >> so applied also to wireless. > >> > > >> > Ok, I'll add that. > >> > >> But is 2.6.39 really correct? Shouldn't it be 2.6.39+ so that it means > >> all versions since 2.6.39? > > > > Either way is fine, the stable maintainers apply them to all later > > versions. > > > > I notice now that adding a plus sign is more common, but it's still a > > 1:2 ratio judging from quick grep, while the stable-kernel-rules.rst > > actually uses a minus sign... > > Heh, quite confusing :) I added the plus sign already to the patch in my > pending branch so unless you object I'll keep it. Please do, no objection. :) Thanks, Johan
Powered by blists - more mailing lists