lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 12 May 2017 09:59:07 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Johan Hovold <johan@...nel.org>
Cc:     Wim Van Sebroeck <wim@...ana.be>, linux-watchdog@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] watchdog: pcwd_usb: fix NULL-deref at probe

On Fri, May 12, 2017 at 12:36:27PM +0200, Johan Hovold wrote:
> Hi Guenter and Wim,
> 
> On Mon, Apr 03, 2017 at 07:05:46AM -0700, Guenter Roeck wrote:
> > On 04/03/2017 01:36 AM, Johan Hovold wrote:
> > > On Mon, Mar 13, 2017 at 10:16:33AM -0700, Guenter Roeck wrote:
> > >> On Mon, Mar 13, 2017 at 01:49:45PM +0100, Johan Hovold wrote:
> > >>> Make sure to check the number of endpoints to avoid dereferencing a
> > >>> NULL-pointer should a malicious device lack endpoints.
> > >>>
> > >>> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > >>> Cc: stable <stable@...r.kernel.org>
> > >>> Signed-off-by: Johan Hovold <johan@...nel.org>
> > >>
> > >> Reviewed-by: Guenter Roeck <linux@...ck-us.net>
> > >
> > > Any progress on this one? I noticed you merged it to both the fixes and
> > > next branches in your staging tree, Guenter (but it does not show up in
> > > linux-next). Will you be sending it on to Linus?
> 
> > my watchdog staging trees are inofficial and not in linux-next.
> > Wim is working on setting up a new server which will provide the
> > official staging tree.
> > 
> > I asked Wim to push the pending patches. I'll do it if he asks me.
> 
> I noticed Guenter's watchdog branch is now in next, but the patches for
> 4.12 are still not in mainline. Have you guys decided who will be
> sending them on to Linus this cycle?
> 
Good question. I had expected Wim to do it, since it is actually his
repository which is in linux-next. But you are correct, it isn't upstream.

Wim ?

Thanks,
Guenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ