lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 26 Oct 2018 21:56:51 +0200
From:   Jacek Anaszewski <jacek.anaszewski@...il.com>
To:     Pavel Machek <pavel@....cz>
Cc:     Baolin Wang <baolin.wang@...aro.org>, rteysseyre@...il.com,
        bjorn.andersson@...aro.org, broonie@...nel.org,
        linus.walleij@...aro.org, linux-leds@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: More checks for patterns? was: Fix pattern handling
 optimalization

On 10/25/2018 11:24 PM, Pavel Machek wrote:
> 
> We don't want brightness < 0, but this may not be best way to do
> this. We also don't want brightness > max_brightness, but I'm not sure
> this check is effective.
> 
> We probably also don't want pattern where all the delta_t s are zero.
> 
> I came up with this so far....
>    	    	       	    	    	      	  	    Pavel
> 
> 
> 
> diff --git a/drivers/leds/trigger/ledtrig-pattern.c b/drivers/leds/trigger/ledtrig-pattern.c
> index ce7acd1..bc5f495 100644
> --- a/drivers/leds/trigger/ledtrig-pattern.c
> +++ b/drivers/leds/trigger/ledtrig-pattern.c
> @@ -250,9 +251,16 @@ static ssize_t pattern_trig_store_patterns(struct led_classdev *led_cdev,
>  
>  	while (offset < count - 1 && data->npatterns < MAX_PATTERNS) {
>  		cr = 0;
> -		ccount = sscanf(buf + offset, "%d %u %n",
> +		ccount = sscanf(buf + offset, "%u %u %n",
>  				&data->patterns[data->npatterns].brightness,
>  				&data->patterns[data->npatterns].delta_t, &cr);
> +
> +		if (data->patterns[data->npatterns].brightness > data->led_cdev->max_brightness) {
> +			data->npatterns = 0;
> +			err = -EINVAL;

We don't fail on attempt of setting brightness > max_brightness, but
only truncate it. In this case we could do the same for consistency.

> +			goto out;
> +		}
> +			 
>  		if (ccount != 2) {
>  			data->npatterns = 0;
>  			err = -EINVAL;
> 
> 
> 
> 

-- 
Best regards,
Jacek Anaszewski

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ