Message-ID: <Y+YpzpZ7SXOp2Neu@kroah.com>
Date:   Fri, 10 Feb 2023 12:26:06 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Anton Gusev <aagusev@...ras.ru>
Cc:     linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
        lvc-project@...uxtesting.org
Subject: Re: [PATCH] staging/wlan-ng: Check hfa384x_dowmem result in
 hfa384x_drvr_flashdl_write

On Thu, Feb 09, 2023 at 07:18:36PM +0300, Anton Gusev wrote:
> In hfa384x_drvr_flashdl_write, hfa384x_dowmem is called in a cycle
> without checking the result. Ignoring an error there may lead to an
> incorrect flash download buffer value during the consequent write.

Did you reproduce this on a running system?

> Found by Linux Verification Center (linuxtesting.org) with SVACE.

How was this tested?  If not tested you HAVE TO SAY SO!  Especially when
dealing with random tools that we know nothing about.

> 
> Signed-off-by: Anton Gusev <aagusev@...ras.ru>
> ---
>  drivers/staging/wlan-ng/hfa384x_usb.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/staging/wlan-ng/hfa384x_usb.c b/drivers/staging/wlan-ng/hfa384x_usb.c
> index c7cd54171d99..baac5c02f904 100644
> --- a/drivers/staging/wlan-ng/hfa384x_usb.c
> +++ b/drivers/staging/wlan-ng/hfa384x_usb.c
> @@ -1880,6 +1880,12 @@ int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
>  						writepage,
>  						writeoffset,
>  						writebuf, writelen);
> +			if (result) {
> +				netdev_err(hw->wlandev->netdev,
> +					   "dowmem(page=%x,offset=%x,data=%p,len=%d) failed, result=%d. Aborting d/l\n",
> +					   writepage, writeoffset, writebuf, writelen, result);
> +				return result;
> +			}
>  		}
>  
>  		/* set the download 'write flash' mode */
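
Review bot: the `return result;` added right after the hfa384x_dowmem() call leaves the function directly from inside the write loop, before the "set the download 'write flash' mode" step, so it does not go through whatever common error exit the function's other failure checks use; route this failure through that same exit path instead of returning in place. Separately, the `data=%p` field in the netdev_err() message prints the writebuf pointer, which adds little to a failure log; dropping it would also shorten the over-long format string.
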
> -- 
> 2.39.1
> 
> 

Please fix up your tool, this patch does not follow the pattern of the
rest of the "exit on error" paths in this function so of course I'm not
going to accept this.

At this point, it really really feels like something needs to change
with your submissions, they are not working well :(

{sigh}

greg k-h
