| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <007b4e26-8ea1-ac22-fd77-e54b7417351b@redhat.com>
Date: Tue, 25 May 2021 14:23:19 +0800
From: Jason Wang <jasowang@...hat.com>
To: Xie Yongji <xieyongji@...edance.com>, amit@...nel.org,
mst@...hat.com
Cc: virtualization@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] virtio_console: Assure used length from device is limited
在 2021/5/25 下午12:53, Xie Yongji 写道:
> The buf->len might come from an untrusted device. This
> ensures the value would not exceed the size of the buffer
> to avoid data corruption or loss.
>
> Signed-off-by: Xie Yongji <xieyongji@...edance.com>
Acked-by: Jason Wang <jasowang@...hat.com>
> ---
> drivers/char/virtio_console.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
> index 1c40ca6d76ba..598863e6daf8 100644
> --- a/drivers/char/virtio_console.c
> +++ b/drivers/char/virtio_console.c
> @@ -475,7 +475,7 @@ static struct port_buffer *get_inbuf(struct port *port)
>
> buf = virtqueue_get_buf(port->in_vq, &len);
> if (buf) {
> - buf->len = len;
> + buf->len = min(len, buf->size);
> buf->offset = 0;
> port->stats.bytes_received += len;
> }
> @@ -1709,7 +1709,7 @@ static void control_work_handler(struct work_struct *work)
> while ((buf = virtqueue_get_buf(vq, &len))) {
> spin_unlock(&portdev->c_ivq_lock);
>
> - buf->len = len;
> + buf->len = min(len, buf->size);
> buf->offset = 0;
>
> handle_control_message(vq->vdev, portdev, buf);
Powered by blists - more mailing lists