Message-ID: <4ad5c6dd-8179-360f-9a90-51f13565956f@linaro.org>
Date:   Fri, 14 Jul 2017 11:54:11 +0100
From:   Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To:     Leonard Crestez <leonard.crestez@....com>
Cc:     Shawn Guo <shawnguo@...nel.org>, Zhang Rui <rui.zhang@...el.com>,
        Eduardo Valentin <edubezval@...il.com>,
        Rob Herring <robh+dt@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Lothar Waßmann <LW@...O-electronics.de>,
        Fabio Estevam <fabio.estevam@....com>,
        Dong Aisheng <aisheng.dong@....com>,
        Bai Ping <ping.bai@....com>, Anson Huang <Anson.Huang@....com>,
        Octavian Purdila <octavian.purdila@....com>,
        linux-pm@...r.kernel.org, devicetree@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] thermal: imx: Add support for reading OCOTP through
 nvmem



On 14/07/17 11:49, Leonard Crestez wrote:
>>>> +	}
>>>> +	memcpy(val, buf, sizeof(*val));
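
Review bot: on the memcpy(val, buf, sizeof(*val)) line, the copy length is taken from the destination type, so the write into val is bounded, but nothing in the quoted lines shows that buf holds at least sizeof(*val) bytes. The length check referred to in the reply sits outside this quote; keeping it directly before the memcpy and expressed against sizeof(*val) as well means the check and the copy size cannot drift apart if the type of val ever changes.
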
>> This can overflow the memory allocated to val, we should be careful here
>> not to do so.
>> Limiting this to sizeof(u32) should be good. Also add some sanity checks to
>> make sure that len is at least 4 bytes.
> I'm not sure what you mean, isn't this already done? There is an
> explicit check above that the read len is exactly as expected. It's
> just that the limit is written as sizeof(*val) rather than sizeof(u32).

Oops, I overlooked the type... it looks okay.

thanks,
srini
> 
