| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <05fe66fe-e1a3-46ba-bbd6-8b0a41109b81@www.fastmail.com>
Date: Tue, 14 Sep 2021 13:18:16 +0200
From: "Sven Peter" <sven@...npeter.dev>
To: "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>
Cc: "Heikki Krogerus" <heikki.krogerus@...ux.intel.com>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] usb: typec: tipd: Add an additional overflow check
On Tue, Sep 14, 2021, at 13:00, Greg Kroah-Hartman wrote:
> On Tue, Sep 14, 2021 at 12:42:53PM +0200, Sven Peter wrote:
> > tps6598x_block_read already checks for the maximum length of the read
> > but tps6598x_block_write does not. Add the symmetric check there as
> > well.
> >
> > Signed-off-by: Sven Peter <sven@...npeter.dev>
> > ---
> > drivers/usb/typec/tipd/core.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/usb/typec/tipd/core.c b/drivers/usb/typec/tipd/core.c
> > index c18ec3785592..70e2d0d410c9 100644
> > --- a/drivers/usb/typec/tipd/core.c
> > +++ b/drivers/usb/typec/tipd/core.c
> > @@ -139,6 +139,9 @@ static int tps6598x_block_write(struct tps6598x *tps, u8 reg,
> > {
> > u8 data[TPS_MAX_LEN + 1];
> >
> > + if (WARN_ON(len + 1 > sizeof(data)))
> > + return -EINVAL;
>
> No need to crash anything. If this is a valid thing for us to check,
> let's check it and handle the error, but we should not reboot systems
> that are running with panic-on-warn enabled, right?
Sure, that makes sense. I guess the same point applies to the WARN_ON in
the same check in tps6598x_block_read. I can add a patch to remove that one
to v2 as well.
thanks,
Sven
Powered by blists - more mailing lists