| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFLxGvy4aMJTJHQq8WmN9F0yF9yH=ExrzR13bSXqAP6fnuOdpQ@mail.gmail.com>
Date: Fri, 21 Jul 2017 21:45:43 +0200
From: Richard Weinberger <richard.weinberger@...il.com>
To: Pali Rohár <pali.rohar@...il.com>
Cc: Joern Engel <joern@...ybastard.org>,
David Woodhouse <dwmw2@...radead.org>,
Brian Norris <computersforpeace@...il.com>,
Boris Brezillon <boris.brezillon@...e-electrons.com>,
Marek Vasut <marek.vasut@...il.com>,
Richard Weinberger <richard@....at>,
Cyrille Pitchen <cyrille.pitchen@...el.com>,
Artem Bityutskiy <dedekind1@...il.com>,
"linux-mtd@...ts.infradead.org" <linux-mtd@...ts.infradead.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/5] mtd: block2mtd: Check for valid user supplied erase size
On Fri, Jun 2, 2017 at 5:43 PM, Pali Rohár <pali.rohar@...il.com> wrote:
> Erase size is limited to 32bit unsigned integer, but value parsed from user
> is limited up to size_t C type.
>
> Signed-off-by: Pali Rohár <pali.rohar@...il.com>
> ---
> drivers/mtd/devices/block2mtd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/devices/block2mtd.c b/drivers/mtd/devices/block2mtd.c
> index 7c887f1..ee47cdd 100644
> --- a/drivers/mtd/devices/block2mtd.c
> +++ b/drivers/mtd/devices/block2mtd.c
> @@ -419,7 +419,7 @@ static int block2mtd_setup2(const char *val)
>
> if (token[1]) {
> ret = parse_num(&erase_size, token[1]);
> - if (ret) {
> + if (ret || erase_size > U32_MAX) {
> pr_err("illegal erase size\n");
> return 0;
> }
Reviewed-by: Richard Weinberger <richard@....at>
--
Thanks,
//richard
Powered by blists - more mailing lists