lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d146fb2c-50bb-4339-b330-155f22879446@kernel.org>
Date: Wed, 3 Jul 2024 07:02:40 +0200
From: Krzysztof Kozlowski <krzk@...nel.org>
To: Aleksandr Mishin <amishin@...rgos.ru>,
 Samuel Ortiz <sameo@...ux.intel.com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 lvc-project@...uxtesting.org
Subject: Re: [PATCH] nfc: pn533: Add poll mod list filling check

On 02/07/2024 11:39, Aleksandr Mishin wrote:
> In case of im_protocols value is 1 and tm_protocols value is 0 this

Which im protocol has value 1 in the mask?

The pn533_poll_create_mod_list() handles all possible masks, so your
case is just not possible to happen.

This patch is purely to satisfy (your) static analyzers, so this should
be clear in commit msg. You are not fixing any bug but adding sort of
defensive code and suppresion of false-positive warning...

> combination successfully passes the check
> 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll().
> But then after pn533_poll_create_mod_list() call in pn533_start_poll()
> poll mod list will remain empty and dev->poll_mod_count will remain 0
> which lead to division by zero.
> 
> Add poll mod list filling check.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: dfccd0f58044 ("NFC: pn533: Add some polling entropy")
> Signed-off-by: Aleksandr Mishin <amishin@...rgos.ru>
> ---
>  drivers/nfc/pn533/pn533.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/nfc/pn533/pn533.c b/drivers/nfc/pn533/pn533.c
> index b19c39dcfbd9..e2bc67300a91 100644
> --- a/drivers/nfc/pn533/pn533.c
> +++ b/drivers/nfc/pn533/pn533.c
> @@ -1723,6 +1723,11 @@ static int pn533_start_poll(struct nfc_dev *nfc_dev,
>  	}
>  
>  	pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
> +	if (!dev->poll_mod_count) {
> +		nfc_err(dev->dev,
> +			"Poll mod list is empty\n");

Odd wrapping.

> +		return -EINVAL;
> +	}
>  
>  	/* Do not always start polling from the same modulation */
>  	get_random_bytes(&rand_mod, sizeof(rand_mod));

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ