| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201005135046.GA26765@duo.ucw.cz>
Date: Mon, 5 Oct 2020 15:50:46 +0200
From: Pavel Machek <pavel@....cz>
To: Marek Behun <kabel@...ckhole.sk>
Cc: ultracoolguy@...anota.com, Dmurphy <dmurphy@...com>,
Linux Leds <linux-leds@...r.kernel.org>,
Trivial <trivial@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] leds: lm3697: Fix out-of-bound access
Hi!
> > if (ret)
> > dev_err(&priv->client->dev, "Cannot write OUTPUT config\n");
> >
> > - for (i = 0; i < LM3697_MAX_CONTROL_BANKS; i++) {
> > + for (i = 0; i < priv->num_leds; i++) {
>
> Ultracoolguy is correct that this for cycle should not iterate
> LM3697_MAX_CONTROL_BANKS. Instead, the count check in lm3697_probe should be changed from
>
> if (!count)
> to
> if (!count || count > LM3697_MAX_CONTROL_BANKS)
>
> (the error message should also be changed, or maybe dropped, and the
> error code changed from -ENODEV to -EINVAL, if we use || operator).
I guess Dan (or someone else?) can submit simple one-liner I could
apply into -for-next (and maybe stable), and then we can sort the
naming etc in the driver? Gettings banks vs. LEDs right would be nice.
Thanks and best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)
Powered by blists - more mailing lists