lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20180718141356.2515-1-vasilyev@ispras.ru>
Date:   Wed, 18 Jul 2018 17:13:56 +0300
From:   Anton Vasilyev <vasilyev@...ras.ru>
To:     Mauro Carvalho Chehab <mchehab@...nel.org>
Cc:     Anton Vasilyev <vasilyev@...ras.ru>, Sean Young <sean@...s.org>,
        Hans Verkuil <hans.verkuil@...co.com>,
        Arvind Yadav <arvind.yadav.cs@...il.com>,
        "Gustavo A. R. Silva" <garsilva@...eddedor.com>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        ldv-project@...uxtesting.org
Subject: [PATCH] media: dm1105: Limit number of cards to avoid buffer over read

dm1105_probe() counts number of cards at dm1105_devcount,
but missed bounds check before dereference a card array.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Anton Vasilyev <vasilyev@...ras.ru>
---
 drivers/media/pci/dm1105/dm1105.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/media/pci/dm1105/dm1105.c b/drivers/media/pci/dm1105/dm1105.c
index c9db108751a7..1ddb0576fb7b 100644
--- a/drivers/media/pci/dm1105/dm1105.c
+++ b/drivers/media/pci/dm1105/dm1105.c
@@ -986,6 +986,9 @@ static int dm1105_probe(struct pci_dev *pdev,
 	int ret = -ENOMEM;
 	int i;
 
+	if (dm1105_devcount >= ARRAY_SIZE(card))
+		return -ENODEV;
+
 	dev = kzalloc(sizeof(struct dm1105_dev), GFP_KERNEL);
 	if (!dev)
 		return -ENOMEM;
-- 
2.18.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ