lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 19 Mar 2024 06:57:22 +0000
From: Xin Ji <xji@...logixsemi.com>
To: Grigory Bazilevich <bazilevich@...amp.ru>, Heikki Krogerus
	<heikki.krogerus@...ux.intel.com>, Greg Kroah-Hartman
	<gregkh@...uxfoundation.org>
CC: "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org>
Subject: RE: [PATCH] usb: typec: anx7411: Fix possible buffer overflow in
 anx7411_send_msg()

Hi mrfoxygmfr, thanks for the fixing.

Reviewed-by: Xin Ji <xji@...logixsemi.com>

> -----Original Message-----
> From: mrfoxygmfr@...amp.ru <mrfoxygmfr@...amp.ru> On Behalf Of Grigory
> Bazilevich
> Sent: Sunday, March 17, 2024 4:34 AM
> To: Heikki Krogerus <heikki.krogerus@...ux.intel.com>; Greg Kroah-Hartman
> <gregkh@...uxfoundation.org>; Xin Ji <xji@...logixsemi.com>
> Cc: Grigory Bazilevich <bazilevich@...amp.ru>; linux-usb@...r.kernel.org; linux-
> kernel@...r.kernel.org; lvc-project@...uxtesting.org
> Subject: [PATCH] usb: typec: anx7411: Fix possible buffer overflow in
> anx7411_send_msg()
> 
> CAUTION: This email originated from outside of the organization. Please do not
> click links or open attachments unless you recognize the sender, and know the
> content is safe.
> 
> 
> Passing a size argument greater than or equal to MAX_BUF_LEN causes a buffer
> overflow when the checksum is written.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: fe6d8a9c8e64 ("usb: typec: anx7411: Add Analogix PD ANX7411 support")
> Signed-off-by: Grigory Bazilevich <bazilevich@...amp.ru>
> ---
>  drivers/usb/typec/anx7411.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/typec/anx7411.c b/drivers/usb/typec/anx7411.c index
> b12a07edc71b..70ba56dfb22b 100644
> --- a/drivers/usb/typec/anx7411.c
> +++ b/drivers/usb/typec/anx7411.c
> @@ -733,7 +733,7 @@ static int anx7411_send_msg(struct anx7411_data *ctx,
> u8 type, u8 *buf, u8 size)
>         u8 crc;
>         int ret;
> 
> -       size = min_t(u8, size, (u8)MAX_BUF_LEN);
> +       size = min_t(u8, size, (u8)(MAX_BUF_LEN - 1));
>         memcpy(msg->buf, buf, size);
>         msg->msg_type = type;
>         /* msg len equals buffer length + msg_type */
> --
> 2.39.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ