lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20230720005717.GD57770@google.com>
Date:   Thu, 20 Jul 2023 09:57:17 +0900
From:   Sergey Senozhatsky <senozhatsky@...omium.org>
To:     Ricardo Ribalda <ribalda@...omium.org>
Cc:     Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...nel.org
Subject: Re: [PATCH] media: uvcvideo: Fix OOB read

On (23/07/19 12:05), Ricardo Ribalda wrote:
> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c
> index 5e9d3da862dd..5e3af66a2223 100644
> --- a/drivers/media/usb/uvc/uvc_ctrl.c
> +++ b/drivers/media/usb/uvc/uvc_ctrl.c
> @@ -1402,6 +1402,9 @@ int uvc_query_v4l2_menu(struct uvc_video_chain *chain,
>  	query_menu->id = id;
>  	query_menu->index = index;
>  
> +	if (index >= UVC_MAX_MENU)
> +		return -EINVAL;

We probably can just do

	if (index >= BITS_PER_TYPE(mapping->menu_mask))
		return -EINVAL;

This should be better than using a hard-coded constant or even
BITS_PER_LONG (which is still a hard-coded constant). Because
BITS_PER_LONG won't get us covered if one day ->menu_mask data
type changes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ