| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170620214615.GF12383@lunn.ch>
Date: Tue, 20 Jun 2017 23:46:15 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Arnd Bergmann <arnd@...db.de>
Cc: Florian Fainelli <f.fainelli@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Timur Tabi <timur@...eaurora.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: phy: smsc: fix buffer overflow in memcpy
On Tue, Jun 20, 2017 at 10:40:46PM +0200, Arnd Bergmann wrote:
> The memcpy annotation triggers for a fixed-length buffer copy:
>
> In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0,
> from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
> from /git/arm-soc/include/linux/spinlock.h:87,
> from /git/arm-soc/include/linux/seqlock.h:35,
> from /git/arm-soc/include/linux/time.h:5,
> from /git/arm-soc/include/linux/stat.h:21,
> from /git/arm-soc/include/linux/module.h:10,
> from /git/arm-soc/drivers/net/phy/smsc.c:20:
> In function 'memcpy',
> inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3:
> /git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
>
> Using strncpy instead of memcpy should do the right thing here.
Hi Arnd
You will find this pattern in number of phy drivers:
bcm-phy-lib.c: memcpy(data + i * ETH_GSTRING_LEN,
marvell.c: memcpy(data + i * ETH_GSTRING_LEN,
micrel.c: memcpy(data + i * ETH_GSTRING_LEN,
smsc.c: memcpy(data + i * ETH_GSTRING_LEN,
They probably all need the same fix.
Andrew
Powered by blists - more mailing lists