| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Dec 2021 21:24:18 +0300
From: Pavel Skripkin <paskripkin@...il.com>
To: wsa@...nel.org, viro@...iv.linux.org.uk
Cc: linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org,
Pavel Skripkin <paskripkin@...il.com>,
syzbot+e417648b303855b91d8a@...kaller.appspotmail.com
Subject: [PATCH v2] i2c: don't pass 0 nmsgs to i2c_transfer
We should not pass 0 nmsgs to i2c_transfer(), since it will cause
warning. This patch adds missing validation check to prevent passing
0 nmsgs to i2c_transfer().
Reported-and-tested-by: syzbot+e417648b303855b91d8a@...kaller.appspotmail.com
Fixes: 7d5cb45655f2 ("i2c compat ioctls: move to ->compat_ioctl()")
Signed-off-by: Pavel Skripkin <paskripkin@...il.com>
---
Changes in v2:
- Fixed typos in commit message
---
drivers/i2c/i2c-dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
index bce0e8bb7852..3b54efa4b1ec 100644
--- a/drivers/i2c/i2c-dev.c
+++ b/drivers/i2c/i2c-dev.c
@@ -535,7 +535,7 @@ static long compat_i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned lo
sizeof(rdwr_arg)))
return -EFAULT;
- if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
+ if (!rdwr_arg.nmsgs || rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
return -EINVAL;
rdwr_pa = kmalloc_array(rdwr_arg.nmsgs, sizeof(struct i2c_msg),
--
2.34.1
Powered by blists - more mailing lists