lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4aef4cd04a499c022c64c5e0276ce36f9ff3eacf.camel@linux.intel.com>
Date:   Wed, 15 Mar 2023 13:35:42 -0700
From:   Todd Brandt <todd.e.brandt@...ux.intel.com>
To:     Krzysztof Kozlowski <krzk@...nel.org>,
        Todd Brandt <todd.e.brandt@...el.com>,
        linux-input@...r.kernel.org, linux-iio@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     srinivas.pandruvada@...ux.intel.com, jic23@...nel.org,
        jikos@...nel.org, p.jungkamp@....net
Subject: Re: [PATCH v2] Fix buffer overrun in HID-SENSOR name string

On Wed, 2023-03-15 at 08:04 +0100, Krzysztof Kozlowski wrote:
> On 13/03/2023 23:06, Todd Brandt wrote:
> > On some platforms there are some platform devices created with
> > invalid names. For example: "HID-SENSOR-INT-020b?.39.auto" instead
> > of "HID-SENSOR-INT-020b.39.auto"
> > 
> > This string include some invalid characters, hence it will fail to
> > properly load the driver which will handle this custom sensor. Also
> > it is a problem for some user space tools, which parse the device
> > names from ftrace and dmesg.
> > 
> > This is because the string, real_usage, is not NULL terminated and
> > printed with %s to form device name.
> > 
> > To address this, we initialize the real_usage string with 0s.
> > 
> > Philipp Jungkamp created this fix, I'm simply submitting it. I've
> > verified it fixes bugzilla issue 217169
> > 
> > Reported-and-tested-by: Todd Brandt <todd.e.brandt@...ux.intel.com>
> > Signed-off-by: Todd Brandt <todd.e.brandt@...el.com>
> 
> SoB denotes that you reported this and tested. Otherwise shall we
> start
> adding Reported and Tested tags to all of our commits?
> 
I just copied it from someone else's post on the mailing list, I
thought it was part of the standard lkml vernacular but I just looked
it up and it's explicitly forbidden in
Documentation/process/maintainer-top.rst line 385. So the answer is no.
I'll not use it again.

> 
> Best regards,
> Krzysztof
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ