lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Nov 2017 14:25:24 -0500 From: Mario Limonciello <mario.limonciello@...l.com> To: dvhart@...radead.org, Andy Shevchenko <andy.shevchenko@...il.com> Cc: LKML <linux-kernel@...r.kernel.org>, platform-driver-x86@...r.kernel.org, Andy Lutomirski <luto@...nel.org>, quasisec@...gle.com, pali.rohar@...il.com, rjw@...ysocki.net, mjg59@...gle.com, hch@....de, Greg KH <greg@...ah.com>, Alan Cox <gnomes@...rguk.ukuu.org.uk>, Mario Limonciello <mario.limonciello@...l.com> Subject: [PATCH v12 03/16] platform/x86: dell-wmi: increase severity of some failures There is a lot of error checking in place for the format of the WMI descriptor buffer, but some of the potentially raised issues should be considered critical failures. If the buffer size or header don't match, this is a good indication that the buffer format changed in a way that the rest of the data should not be relied upon. For the remaining data set vectors, continue to notate a warning in undefined results, but as those are fields that the descriptor intended to refer to other applications, don't fail if they're new values. Signed-off-by: Mario Limonciello <mario.limonciello@...l.com> Reviewed-by: Edward O'Callaghan <quasisec@...gle.com> Reviewed-by: Pali Rohár <pali.rohar@...il.com> --- drivers/platform/x86/dell-wmi.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/platform/x86/dell-wmi.c b/drivers/platform/x86/dell-wmi.c index 1fbef560ca67..2cfaaa8faf0a 100644 --- a/drivers/platform/x86/dell-wmi.c +++ b/drivers/platform/x86/dell-wmi.c @@ -657,17 +657,18 @@ static int dell_wmi_check_descriptor_buffer(struct wmi_device *wdev) dev_err(&wdev->dev, "Dell descriptor buffer has invalid length (%d)\n", obj->buffer.length); - if (obj->buffer.length < 16) { - ret = -EINVAL; - goto out; - } + ret = -EINVAL; + goto out; } buffer = (u32 *)obj->buffer.pointer; - if (buffer[0] != 0x4C4C4544 && buffer[1] != 0x494D5720) - dev_warn(&wdev->dev, "Dell descriptor buffer has invalid signature (%*ph)\n", + if (buffer[0] != 0x4C4C4544 && buffer[1] != 0x494D5720) { + dev_err(&wdev->dev, "Dell descriptor buffer has invalid signature (%*ph)\n", 8, buffer); + ret = -EINVAL; + goto out; + } if (buffer[2] != 0 && buffer[2] != 1) dev_warn(&wdev->dev, "Dell descriptor buffer has unknown version (%d)\n", -- 2.14.1
Powered by blists - more mailing lists