| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40646609-8298-2d76-2f0c-e732404a23d4@oracle.com>
Date: Mon, 18 Mar 2019 11:13:18 +0800
From: "jianchao.wang" <jianchao.w.wang@...cle.com>
To: jejb@...ux.ibm.com, martin.petersen@...cle.com
Cc: "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Junxiao Bi <junxiao.bi@...cle.com>, diego.gonzalez@...cle.com
Subject: Re: [BUG] scsi: ses: out of bound accessing in
ses_enclosure_data_process
Would anyone please give some suggestions ?
It looks like there somethings wrong in the read-in data,
/* skip all the enclosure descriptors */
for (i = 0; i < num_enclosures && type_ptr < buf + len; i++) {
types += type_ptr[2];
type_ptr += type_ptr[3] + 4; ----> here
}
Then the typr_ptr got out of bound of the buffer.
Thanks
Jianchao
On 3/14/19 11:19 AM, jianchao.wang wrote:
> Dear all
>
> When our customer probe the lpfc devices, they encountered odd memory corruption issues,
> and we get 'out of bound' access warning at following position after open KASAN
>
> ses_enclosure_data_process
>
> for (i = 0; i < types; i++, type_ptr += 4) {
> for (j = 0; j < type_ptr[1]; j++) {
> ^^^^^^^^^^^
> out of bound
>
> With some debug log, I got following,
>
> page1 ffff88042d1aad20 len 32 types 5 type_ptr ffff88042d1aad64
>
> Would anyone please give some suggestions on this ?
>
> Thanks
> Jianchao
>
Powered by blists - more mailing lists