lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 3 Feb 2022 13:51:54 +0100
From:   Daniel Vetter <daniel@...ll.ch>
To:     Helge Deller <deller@....de>
Cc:     Sam Ravnborg <sam@...nborg.org>, Yizhuo Zhai <yzhai003@....edu>,
        Daniel Vetter <daniel.vetter@...ll.ch>,
        Matthew Wilcox <willy@...radead.org>,
        Alex Deucher <alexander.deucher@....com>,
        Xin Tan <tanxin.ctf@...il.com>,
        Xiyu Yang <xiyuyang19@...an.edu.cn>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        Zhen Lei <thunder.leizhen@...wei.com>,
        Zheyu Ma <zheyuma97@...il.com>,
        Guenter Roeck <linux@...ck-us.net>,
        linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6] fbdev: fbmem: Fix the implicit type casting

On Thu, Feb 03, 2022 at 09:18:30AM +0100, Helge Deller wrote:
> On 2/3/22 07:39, Sam Ravnborg wrote:
> > Hi Daniel,
> >
> > I assume you will take this.
> >
> > Patch is:
> > Reviewed-by: Sam Ravnborg <sam@...nborg.org>
> 
> 
> Acked-by: Helge Deller <deller@....de>

Pushed to drm-misc-fixes, thanks for patch&review.
-Daniel

> 
> Helge
> 
> >
> > 	Sam
> >
> > On Wed, Feb 02, 2022 at 03:58:08PM -0800, Yizhuo Zhai wrote:
> >> In function do_fb_ioctl(), the "arg" is the type of unsigned long,
> >> and in "case FBIOBLANK:" this argument is casted into an int before
> >> passig to fb_blank(). In fb_blank(), the comparision
> >> if (blank > FB_BLANK_POWERDOWN) would be bypass if the original
> >> "arg" is a large number, which is possible because it comes from
> >> the user input. Fix this by adding the check before the function
> >> call.
> >>
> >> Signed-off-by: Yizhuo Zhai <yzhai003@....edu>
> >> ---
> >>  drivers/video/fbdev/core/fbmem.c | 2 ++
> >>  1 file changed, 2 insertions(+)
> >>
> >> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
> >> index 0fa7ede94fa6..13083ad8d751 100644
> >> --- a/drivers/video/fbdev/core/fbmem.c
> >> +++ b/drivers/video/fbdev/core/fbmem.c
> >> @@ -1160,6 +1160,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
> >>  		ret = fbcon_set_con2fb_map_ioctl(argp);
> >>  		break;
> >>  	case FBIOBLANK:
> >> +		if (arg > FB_BLANK_POWERDOWN)
> >> +			return -EINVAL;
> >>  		console_lock();
> >>  		lock_fb_info(info);
> >>  		ret = fb_blank(info, arg);
> >> --
> >> 2.25.1
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ