| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180620182723.GA24430@beast>
Date: Wed, 20 Jun 2018 11:27:23 -0700
From: Kees Cook <keescook@...omium.org>
To: David Airlie <airlied@...ux.ie>
Cc: linux-kernel@...r.kernel.org,
Hans Verkuil <hans.verkuil@...co.com>,
Russell King <rmk+kernel@...linux.org.uk>,
dri-devel@...ts.freedesktop.org
Subject: [PATCH] drm/i2c: tda9950: Remove VLA usage
In the quest to remove all stack VLA usage from the kernel[1], this
sets the buffer to maximum size and adds a sanity check.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook <keescook@...omium.org>
---
drivers/gpu/drm/i2c/tda9950.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i2c/tda9950.c b/drivers/gpu/drm/i2c/tda9950.c
index 3f7396caad48..28314433c351 100644
--- a/drivers/gpu/drm/i2c/tda9950.c
+++ b/drivers/gpu/drm/i2c/tda9950.c
@@ -76,9 +76,12 @@ struct tda9950_priv {
static int tda9950_write_range(struct i2c_client *client, u8 addr, u8 *p, int cnt)
{
struct i2c_msg msg;
- u8 buf[cnt + 1];
+ u8 buf[CEC_MAX_MSG_SIZE + 3];
int ret;
+ if (WARN_ON(cnt > sizeof(buf)))
+ return -EINVAL;
+
buf[0] = addr;
memcpy(buf + 1, p, cnt);
--
2.17.1
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists