lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20181226043443.74229-1-kjlu@umn.edu>
Date:   Tue, 25 Dec 2018 22:34:41 -0600
From:   Kangjie Lu <kjlu@....edu>
To:     kjlu@....edu
Cc:     pakki001@....edu, "David S. Miller" <davem@...emloft.net>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] wan: fix a missing check of spi_write_then_read

When spi_write_then_read() fails, "data" can be uninitialized and thus
may contain a random value; the following execution checks "data" with a
mask, the result could be random.

The fix inserts a check of spi_write_then_read(): if it fails, always
returns -1.

Signed-off-by: Kangjie Lu <kjlu@....edu>
---
 drivers/net/wan/slic_ds26522.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wan/slic_ds26522.c b/drivers/net/wan/slic_ds26522.c
index 1f6bc8791d51..89681910d875 100644
--- a/drivers/net/wan/slic_ds26522.c
+++ b/drivers/net/wan/slic_ds26522.c
@@ -64,8 +64,9 @@ static u8 slic_read(struct spi_device *spi, u16 addr)
 	temp[0] = (u8)(((addr >> 8) & 0x7f) | 0x80);
 	temp[1] = (u8)(addr & 0xfe);
 
-	spi_write_then_read(spi, &temp[0], SLIC_TWO_LEN, &data,
-			    SLIC_TRANS_LEN);
+	if (spi_write_then_read(spi, &temp[0], SLIC_TWO_LEN, &data,
+			    SLIC_TRANS_LEN))
+		return -1;
 
 	data = bitrev8(data);
 	return data;
-- 
2.17.2 (Apple Git-113)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ