| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Nov 2019 15:21:18 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: tranmanphong@...il.com
Cc: syzbot+7dc7c28d4577bbe55b10@...kaller.appspotmail.com,
gregkh@...uxfoundation.org, glider@...gle.com,
hslester96@...il.com, kstewart@...uxfoundation.org,
linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com,
tglx@...utronix.de, linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH] usb: asix: Fix uninit-value in asix_mdio_write
From: Phong Tran <tranmanphong@...il.com>
Date: Thu, 7 Nov 2019 07:44:04 +0700
> The local variables use without initilization value.
> This fixes the syzbot report.
>
> Reported-by: syzbot+7dc7c28d4577bbe55b10@...kaller.appspotmail.com
>
> Test result:
>
> https://groups.google.com/d/msg/syzkaller-bugs/3H_n05x_sPU/sUoHhxgAAgAJ
>
> Signed-off-by: Phong Tran <tranmanphong@...il.com>
There are several more situations in this file where the data blob passed
to asix_read_cmd() is read without pre-initialization not checking the
return value from asix_read_cmd().
So, syzbot can see some of them but not all of them, yet all of them
are buggy and should be fixed.
These kinds of patches drive me absolutely crazy :-)
Really, one of two things needs to happen, either asix_read_cmd() clears
the incoming buffer unconditionally, or these call sites strictly must
check the return value always before accessing the buffer after the call.
I'm not applying this, sorry.
Powered by blists - more mailing lists