| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YtgmALzpaR9IHR/F@zn.tnic>
Date: Wed, 20 Jul 2022 17:57:52 +0200
From: Borislav Petkov <bp@...en8.de>
To: "Kani, Toshi" <toshi.kani@....com>
Cc: "rrichter@...vell.com" <rrichter@...vell.com>,
"mchehab@...nel.org" <mchehab@...nel.org>,
"Elliott, Robert (Servers)" <elliott@....com>,
"linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] EDAC/ghes: Fix buffer overflow in ghes_edac_register()
On Wed, Jul 20, 2022 at 03:41:20PM +0000, Kani, Toshi wrote:
> SMBIOS handle is correct.
>
> In dimm_setup_label(), *device is set but *bank is null (dmi_empty_string).
> *bank is set from SMBIOS type 17 Bank Locator, offset 11h. This value is
> set to 0x0 (null string) on this system, as shown below.
>
> Handle 0x0020, DMI type 17, 84 bytes
> Memory Device
> Array Handle: 0x0013
> Error Information Handle: Not Provided
> Total Width: 72 bits
> Data Width: 64 bits
> Size: 32 GB
> Form Factor: DIMM
> Set: None
> Locator: PROC 1 DIMM 1 <===== device
> Bank Locator: Not Specified <===== bank
I think it'll be more user-friendly to put
"PROC 1 DIMM 1" for device
and
"NA" or so for bank
instead of setting the label to the NULL string.
I.e., relax that
if (bank && *bank && device && *device)
check there.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists