lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Oct 2018 17:08:29 +0200 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: linux-kernel@...r.kernel.org Cc: Kishon Vijay Abraham I <kishon@...com>, Quentin Schulz <quentin.schulz@...tlin.com>, "Gustavo A. R. Silva" <gustavo@...eddedor.com> Subject: [PATCH v2 2/2] phy: ocelot-serdes: fix out-of-bounds read Currently, there is an out-of-bounds read on array ctrl->phys, once variable i reaches the maximum array size of SERDES_MAX in the for loop. Fix this by changing the condition in the for loop from i <= SERDES_MAX to i < SERDES_MAX. Addresses-Coverity-ID: 1473966 ("Out-of-bounds read") Addresses-Coverity-ID: 1473959 ("Out-of-bounds read") Fixes: 51f6b410fc22 ("phy: add driver for Microsemi Ocelot SerDes muxing") Reviewed-by: Quentin Schulz <quentin.schulz@...tlin.com> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com> --- Changes in v2: - Rebase and add Quentin's Reviewed-by to commit log. drivers/phy/mscc/phy-ocelot-serdes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/phy/mscc/phy-ocelot-serdes.c b/drivers/phy/mscc/phy-ocelot-serdes.c index b2be546..cbb49d9 100644 --- a/drivers/phy/mscc/phy-ocelot-serdes.c +++ b/drivers/phy/mscc/phy-ocelot-serdes.c @@ -206,7 +206,7 @@ static struct phy *serdes_simple_xlate(struct device *dev, port = args->args[0]; idx = args->args[1]; - for (i = 0; i <= SERDES_MAX; i++) { + for (i = 0; i < SERDES_MAX; i++) { struct serdes_macro *macro = phy_get_drvdata(ctrl->phys[i]); if (idx != macro->idx) @@ -260,7 +260,7 @@ static int serdes_probe(struct platform_device *pdev) if (IS_ERR(ctrl->regs)) return PTR_ERR(ctrl->regs); - for (i = 0; i <= SERDES_MAX; i++) { + for (i = 0; i < SERDES_MAX; i++) { ret = serdes_phy_create(ctrl, i, &ctrl->phys[i]); if (ret) return ret; -- 2.7.4
Powered by blists - more mailing lists