| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170718091520.gstduw6xb64kuytx@mwanda>
Date: Tue, 18 Jul 2017 12:15:20 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Jacob von Chorus <jacobvonchorus@...hoto.ca>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Insop Song <insop.song@...nspeed.com>,
devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] staging: gs_fpgaboot: add buffer overflow checks
On Mon, Jul 17, 2017 at 08:47:25PM -0400, Jacob von Chorus wrote:
> -static void readinfo_bitstream(char *bitdata, char *buf, int *offset)
> +static int readinfo_bitstream(char *bitdata, char *buf, int size, int *offset)
> {
> char tbuf[64];
> s32 len;
> @@ -59,9 +59,15 @@ static void readinfo_bitstream(char *bitdata, char *buf, int *offset)
> read_bitstream(bitdata, tbuf, offset, 2);
>
> len = tbuf[0] << 8 | tbuf[1];
> + if ((len + 1) > size) {
> + pr_err("error: readinfo buffer too small\n");
> + return -ETOOSMALL;
Probably the correct error code is -EINVAL. I should have just said
that in the first email.
regards,
dan carpenter
Powered by blists - more mailing lists