| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YbN6sMzBqtF507FE@osiris>
Date: Fri, 10 Dec 2021 17:05:04 +0100
From: Heiko Carstens <hca@...ux.ibm.com>
To: Yin Xiujiang <yinxiujiang@...inos.cn>
Cc: gor@...ux.ibm.com, borntraeger@...ibm.com, agordeev@...ux.ibm.com,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] s390/3215: fix the array may be out of bounds
On Fri, Dec 10, 2021 at 03:02:17PM +0800, Yin Xiujiang wrote:
> if the variable 'line' is NR_3215,
> the 'raw3215[line]' will be invalid
>
> Signed-off-by: Yin Xiujiang <yinxiujiang@...inos.cn>
> ---
> drivers/s390/char/con3215.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/s390/char/con3215.c b/drivers/s390/char/con3215.c
> index f356607835d8..29409d4ca4d5 100644
> --- a/drivers/s390/char/con3215.c
> +++ b/drivers/s390/char/con3215.c
> @@ -687,7 +687,8 @@ static void raw3215_remove (struct ccw_device *cdev)
> for (line = 0; line < NR_3215; line++)
> if (raw3215[line] == raw)
> break;
> - raw3215[line] = NULL;
> + if (line < NR_3215)
> + raw3215[line] = NULL;
This doesn't make sense to me. This could only happen if a device that
was never probed would be removed. The original code could have been
written better to make that more obvious, but with this patch the code
will become even more confusing.
Therefore not applying.
Powered by blists - more mailing lists