lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed,  3 Apr 2024 21:15:16 +0800
From: Kent Gibson <warthog618@...il.com>
To: linux-kernel@...r.kernel.org,
	linux-gpio@...r.kernel.org,
	brgl@...ev.pl,
	linus.walleij@...aro.org
Cc: Kent Gibson <warthog618@...il.com>
Subject: [PATCH 0/2] gpio: cdev: label sanitization fixes

This series fixes a couple of bugs in the sanitization of labels
being passed to irq.

Patch 1 fixes a missed path in the sanitization changes that can result
in memory corruption.

Patch 2 fixes the case where userspace provides empty labels.

I've placed my Patch 1 before Bart's Patch 2 as it has to relocate
make_irq_label() and free_irq_label(), while Bart's patch modifies
them. This order keeps the patch sizes minimal and the attribution
where it belongs.  Patch 2 has been very lightly modified to rebase it
onto Patch 1, including extending it to cover the modified error
return for the debounce_setup() case.

Cheers,
Kent.

Bartosz Golaszewski (1):
  gpio: cdev: check for NULL labels when sanitizing them for irqs

Kent Gibson (1):
  gpio: cdev: fix missed label sanitizing in debounce_setup()

 drivers/gpio/gpiolib-cdev.c | 48 ++++++++++++++++++++++++-------------
 1 file changed, 32 insertions(+), 16 deletions(-)


base-commit: 782f4e47ffc19622bf80b3c0cf9cadd2b0b9a644
-- 
2.39.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ