lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241031210501.3da82113@jic23-huawei>
Date: Thu, 31 Oct 2024 21:05:01 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: Nuno Sá <noname.nuno@...il.com>
Cc: Zicheng Qu <quzicheng@...wei.com>, nuno.sa@...log.com, lars@...afoo.de,
 Michael.Hennerich@...log.com, djunho@...il.com,
 alexandru.ardelean@...log.com, linux-iio@...r.kernel.org,
 linux-kernel@...r.kernel.org, tanghui20@...wei.com, zhangqiao22@...wei.com,
 judy.chenhui@...wei.com
Subject: Re: [PATCH v2] iio: adc: ad7923: Fix buffer overflow for tx_buf and
 ring_xfer

On Thu, 31 Oct 2024 15:20:24 +0100
Nuno Sá <noname.nuno@...il.com> wrote:

> On Tue, 2024-10-29 at 13:46 +0000, Zicheng Qu wrote:
> > The AD7923 was updated to support devices with 8 channels, but the size
> > of tx_buf and ring_xfer was not increased accordingly, leading to a
> > potential buffer overflow in ad7923_update_scan_mode().
> > 
> > Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928")
> > Cc: <stable@...r.kernel.org>
> > Signed-off-by: Nuno Sá <noname.nuno@...il.com>
> > Signed-off-by: Zicheng Qu <quzicheng@...wei.com>
> > ---  
> 
> Reviewed-by: Nuno Sa <nuno.sa@...log.com>
> 

Confusing one. I'll fix the authorship up for your analog address

Zicheng, usually a Suggested-by after checking with the author if it's
a patch in a review thread.

You can't really give someone elses' SoB without them explicitly sending it.
If Nuno let you know that was fine off the list, then just mention that under
---

This time I'm going to take Nuno's RB as fine to indicate no objection
to the SoB. Nuno, feel free to shout if you want to handle this differently.

Applied.

Jonathan


> > v2:
> > - Fixed: Addressed buffer overflow in ad7923_update_scan_mode() due to 
> > insufficient tx_buf and ring_xfer size for 8-channel devices.
> > - Issue: Original patch attempted to fix the overflow by limiting the 
> > length, but did not address the root cause of buffer size mismatch.
> > - Solution: Increased tx_buf and ring_xfer sizes recommended by Nuno to 
> > support all 8 channels, ensuring adequate buffer capacity.
> > - Previous patch link: 
> > https://lore.kernel.org/linux-iio/20241028142357.1032380-1-quzicheng@huawei.com/T/#u
> >  drivers/iio/adc/ad7923.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c
> > index 09680015a7ab..acc44cb34f82 100644
> > --- a/drivers/iio/adc/ad7923.c
> > +++ b/drivers/iio/adc/ad7923.c
> > @@ -48,7 +48,7 @@
> >  
> >  struct ad7923_state {
> >  	struct spi_device		*spi;
> > -	struct spi_transfer		ring_xfer[5];
> > +	struct spi_transfer		ring_xfer[9];
> >  	struct spi_transfer		scan_single_xfer[2];
> >  	struct spi_message		ring_msg;
> >  	struct spi_message		scan_single_msg;
> > @@ -64,7 +64,7 @@ struct ad7923_state {
> >  	 * Length = 8 channels + 4 extra for 8 byte timestamp
> >  	 */
> >  	__be16				rx_buf[12] __aligned(IIO_DMA_MINALIGN);
> > -	__be16				tx_buf[4];
> > +	__be16				tx_buf[8];
> >  };
> >  
> >  struct ad7923_chip_info {  
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ