| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180701160855.345406874@linuxfoundation.org>
Date: Sun, 1 Jul 2018 18:22:06 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Dan Carpenter <dan.carpenter@...cle.com>,
Frank Rowand <frank.rowand@...y.com>,
Rob Herring <robh@...nel.org>
Subject: [PATCH 4.14 054/157] of: overlay: validate offset from property fixups
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frank Rowand <frank.rowand@...y.com>
commit 482137bf2aecd887ebfa8756456764a2f6a0e545 upstream.
The smatch static checker marks the data in offset as untrusted,
leading it to warn:
drivers/of/resolver.c:125 update_usages_of_a_phandle_reference()
error: buffer underflow 'prop->value' 's32min-s32max'
Add check to verify that offset is within the property data.
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Frank Rowand <frank.rowand@...y.com>
Cc: <stable@...r.kernel.org>
Signed-off-by: Rob Herring <robh@...nel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
drivers/of/resolver.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/of/resolver.c
+++ b/drivers/of/resolver.c
@@ -129,6 +129,11 @@ static int update_usages_of_a_phandle_re
goto err_fail;
}
+ if (offset < 0 || offset + sizeof(__be32) > prop->length) {
+ err = -EINVAL;
+ goto err_fail;
+ }
+
*(__be32 *)(prop->value + offset) = cpu_to_be32(phandle);
}
Powered by blists - more mailing lists