lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202107141055.ES9FgD1v-lkp@intel.com>
Date:   Wed, 14 Jul 2021 10:49:05 +0800
From:   kernel test robot <lkp@...el.com>
To:     Yi Zhuang <zhuangyi1@...wei.com>, benh@...nel.crashing.org,
        paulus@...ba.org
Cc:     kbuild-all@...ts.01.org, zhuangyi1@...wei.com,
        hegdevasant@...ux.vnet.ibm.com, mpe@...erman.id.au,
        linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] powerpc/rtas_flash: fix a potential buffer overflow

Hi Yi,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on powerpc/next]
[also build test WARNING on v5.14-rc1 next-20210713]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Yi-Zhuang/powerpc-rtas_flash-fix-a-potential-buffer-overflow/20210714-090314
base:   https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git next
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/546db7a99374dedd110a01801ad4456f56170d4d
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Yi-Zhuang/powerpc-rtas_flash-fix-a-potential-buffer-overflow/20210714-090314
        git checkout 546db7a99374dedd110a01801ad4456f56170d4d
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=powerpc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   arch/powerpc/kernel/rtas_flash.c: In function 'get_validate_flash_msg':
>> arch/powerpc/kernel/rtas_flash.c:472:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
     472 |   if ((args_buf->update_results >= VALIDATE_CUR_UNKNOWN) ||
         |   ^~
   arch/powerpc/kernel/rtas_flash.c:476:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
     476 |    if (n >= msglen) {
         |    ^~


vim +/if +472 arch/powerpc/kernel/rtas_flash.c

^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  464  
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  465  static int get_validate_flash_msg(struct rtas_validate_flash_t *args_buf, 
a94a14720eaf55 arch/powerpc/kernel/rtas_flash.c Vasant Hegde   2013-05-07  466  		                   char *msg, int msglen)
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  467  {
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  468  	int n;
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  469  
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  470  	if (args_buf->status >= VALIDATE_TMP_UPDATE) { 
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  471  		n = sprintf(msg, "%d\n", args_buf->update_results);
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16 @472  		if ((args_buf->update_results >= VALIDATE_CUR_UNKNOWN) ||
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  473  		    (args_buf->update_results == VALIDATE_TMP_UPDATE))
a94a14720eaf55 arch/powerpc/kernel/rtas_flash.c Vasant Hegde   2013-05-07  474  			n += snprintf(msg + n, msglen - n, "%s\n",
a94a14720eaf55 arch/powerpc/kernel/rtas_flash.c Vasant Hegde   2013-05-07  475  					args_buf->buf);
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  476  			if (n >= msglen) {
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  477  				n = msglen;
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  478  				printk(KERN_ERR "FLASH: msg too long.\n");
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  479  			}
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  480  	} else {
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  481  		n = sprintf(msg, "%d\n", args_buf->status);
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  482  	}
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  483  	return n;
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  484  }
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  485  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (73240 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ