| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jul 2017 11:54:11 +0100
From: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To: Leonard Crestez <leonard.crestez@....com>
Cc: Shawn Guo <shawnguo@...nel.org>, Zhang Rui <rui.zhang@...el.com>,
Eduardo Valentin <edubezval@...il.com>,
Rob Herring <robh+dt@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Lothar Waßmann <LW@...O-electronics.de>,
Fabio Estevam <fabio.estevam@....com>,
Dong Aisheng <aisheng.dong@....com>,
Bai Ping <ping.bai@....com>, Anson Huang <Anson.Huang@....com>,
Octavian Purdila <octavian.purdila@....com>,
linux-pm@...r.kernel.org, devicetree@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] thermal: imx: Add support for reading OCOTP through
nvmem
On 14/07/17 11:49, Leonard Crestez wrote:
>>>> + }
>>>> + memcpy(val, buf, sizeof(*val));
>> This can overflow the memory allocated to val, we should be careful here
>> not to do so.
>> limit this to sizeof(u32) should be good. Also add some sanity checks to
>> make sure that len is atleast 4 bytes.
> I'm not sure what you mean, isn't this already done? There is an
> explicit check above that the read len is exactly as expected. It's
> just that the limit is written as sizeof(*val) rather than sizeof(u32).
Opps, I overlooked the type.. it looks okay.
thanks,
srini
>
Powered by blists - more mailing lists