| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220628054539.33187-1-schspa@gmail.com>
Date: Tue, 28 Jun 2022 13:45:39 +0800
From: Schspa Shi <schspa@...il.com>
To: wim@...ux-watchdog.org, linux@...ck-us.net
Cc: linux-watchdog@...r.kernel.org, linux-kernel@...r.kernel.org,
zhaohui.shi@...izon.ai, Schspa Shi <schspa@...il.com>
Subject: [PATCH] watchdog: dw_wdt: Fix buffer overflow when get timeout
The top_val can be obtained from device-tree, if it is not configured
correctly, there will be buffer overflow.
Signed-off-by: Schspa Shi <schspa@...il.com>
---
drivers/watchdog/dw_wdt.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/watchdog/dw_wdt.c b/drivers/watchdog/dw_wdt.c
index cd578843277e..1f8605c0d712 100644
--- a/drivers/watchdog/dw_wdt.c
+++ b/drivers/watchdog/dw_wdt.c
@@ -155,6 +155,9 @@ static unsigned int dw_wdt_get_min_timeout(struct dw_wdt *dw_wdt)
break;
}
+ if (WARN_ON_ONCE(idx == DW_WDT_NUM_TOPS))
+ idx = DW_WDT_NUM_TOPS - 1;
+
return dw_wdt->timeouts[idx].sec;
}
@@ -178,6 +181,9 @@ static unsigned int dw_wdt_get_timeout(struct dw_wdt *dw_wdt)
break;
}
+ if (WARN_ON_ONCE(idx == DW_WDT_NUM_TOPS))
+ idx = DW_WDT_NUM_TOPS - 1;
+
/*
* In IRQ mode due to the two stages counter, the actual timeout is
* twice greater than the TOP setting.
--
2.29.0
Powered by blists - more mailing lists