lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sat, 22 Aug 2020 13:49:34 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Markus Mayer <mmayer@...adcom.com>
Cc:     Krzysztof Kozlowski <krzk@...nel.org>,
        Colin Ian King <colin.king@...onical.com>,
        BCM Kernel Feedback <bcm-kernel-feedback-list@...adcom.com>,
        Linux ARM Kernel <linux-arm-kernel@...ts.infradead.org>,
        Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] memory: brcmstb_dpfe: fix array index out of bounds



On 8/22/2020 1:47 PM, Markus Mayer wrote:
> On Sat, 22 Aug 2020 at 13:21, Florian Fainelli <f.fainelli@...il.com> wrote:
>>
>> On 8/22/2020 1:14 PM, Markus Mayer wrote:
>>> On Sat, 22 Aug 2020 at 09:46, Krzysztof Kozlowski <krzk@...nel.org> wrote:
>>>>
>>>> On Sat, Aug 22, 2020 at 09:40:59AM -0700, Markus Mayer wrote:
>>>>> On Sat, 22 Aug 2020 at 04:56, Krzysztof Kozlowski <krzk@...nel.org> wrote:
>>>>>>
>>>>>> On Fri, Aug 21, 2020 at 09:52:21AM -0700, Markus Mayer wrote:
>>>>>>> We would overrun the error_text array if we hit a TIMEOUT condition,
>>>>>>> because we were using the error code "ETIMEDOUT" (which is 110) as an
>>>>>>> array index.
>>>>>>>
>>>>>>> We fix the problem by correcting the array index and by providing a
>>>>>>> function to retrieve error messages rather than accessing the array
>>>>>>> directly. The function includes a bounds check that prevents the array
>>>>>>> from being overrun.
>>>>>>>
>>>>>>> This patch was prepared in response to
>>>>>>>       https://lkml.org/lkml/2020/8/18/505.
>>>>>>>
>>>>>>> Signed-off-by: Markus Mayer <mmayer@...adcom.com>
>>>>>>
>>>>>> Your Signed-off-by does not match From field. Please run
>>>>>> scripts/checkpatch on every patch you send.
>>>>>>
>>>>>> I fixed it up, assuming markus.mayer@...adcom.com is the valid email
>>>>>> address.
>>>>>
>>>>> No. I have always been using mmayer@...adcom.com since it is shorter.
>>>>> That's also what's in the MAINTAINERS file. Please change it back. I
>>>>> accidentally used the long form for one of my e-mail replies which is
>>>>> where the confusion must have originated.
>>>>
>>>> I'll drop the patch then. You need to resend with SoB matching email.
>>>
>>> Oh, I am starting to see what's happening here. This is new and
>>> apparently due to some changes with the mail server setup on our end.
>>>
>>> I have this in my patch file:
>>>
>>> $ head 0001-memory-brcmstb_dpfe-fix-array-index-out-of-bounds.patch
>>>   From 6b424772d4c84fa56474b2522d0d3ed6b2b2b360 Mon Sep 17 00:00:00 2001
>>> From: Markus Mayer <mmayer@...adcom.com>
>>> Date: Fri, 21 Aug 2020 08:56:52 -0700
>>>
>>> Sending patches like this used to work. Clearly our SMTP server has
>>> now taken it upon itself to rewrite the sender e-mail address. I
>>> wasn't expecting that. Let me look into it. Sorry for the hassle. It
>>> was not intentional.
>>
>> Yes, if you used to use the SMTP relay server which did not require
>> authentication for internal hosts, and now you use smtp.gmail.com with
>> your broadcom.com username, the SMTP server will rewrite the From: to
>> match the username used to authenticate with the server.
> 
> Actually, it was the other way around. Connecting to smtp.gmail.com
> does allow the "From:" header to be customized. The envelope sender,
> i.e. the "From " line at the very beginning of the e-mail, might still
> get rewritten, but that's okay since the "From:" header is left alone.
> The internal SMTP server, however, which does not require
> authentication, unexpectedly rewrites the "From:" header in the middle
> of the e-mail header.
> 
> Got it set up now in a way that should work. At least it did in my
> test. I'll send out v3 of the patch momentarily, and then we'll know
> for sure.

Reason #42 why I hide behind my gmail.com account! Glad you sorted it out.
-- 
Florian

Powered by blists - more mailing lists