lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4ed54857ed03779ee07d0dce66d6cd9c25c481e6.camel@gmail.com>
Date: Mon, 04 Nov 2024 10:13:25 +0100
From: Nuno Sá <noname.nuno@...il.com>
To: Jonathan Cameron <jic23@...nel.org>
Cc: Zicheng Qu <quzicheng@...wei.com>, nuno.sa@...log.com, lars@...afoo.de, 
 Michael.Hennerich@...log.com, djunho@...il.com,
 alexandru.ardelean@...log.com,  linux-iio@...r.kernel.org,
 linux-kernel@...r.kernel.org, tanghui20@...wei.com, 
 zhangqiao22@...wei.com, judy.chenhui@...wei.com
Subject: Re: [PATCH v2] iio: adc: ad7923: Fix buffer overflow for tx_buf and
 ring_xfer

On Thu, 2024-10-31 at 21:05 +0000, Jonathan Cameron wrote:
> On Thu, 31 Oct 2024 15:20:24 +0100
> Nuno Sá <noname.nuno@...il.com> wrote:
> 
> > On Tue, 2024-10-29 at 13:46 +0000, Zicheng Qu wrote:
> > > The AD7923 was updated to support devices with 8 channels, but the size
> > > of tx_buf and ring_xfer was not increased accordingly, leading to a
> > > potential buffer overflow in ad7923_update_scan_mode().
> > > 
> > > Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the
> > > ad7908/ad7918/ad7928")
> > > Cc: <stable@...r.kernel.org>
> > > Signed-off-by: Nuno Sá <noname.nuno@...il.com>
> > > Signed-off-by: Zicheng Qu <quzicheng@...wei.com>
> > > ---  
> > 
> > Reviewed-by: Nuno Sa <nuno.sa@...log.com>
> > 
> 
> Confusing one. I'll fix the authorship up for your analog address
> 
> Zicheng, usually a Suggested-by after checking with the author if it's
> a patch in a review thread.
> 
> You can't really give someone elses' SoB without them explicitly sending it.
> If Nuno let you know that was fine off the list, then just mention that under
> ---
> 
> This time I'm going to take Nuno's RB as fine to indicate no objection
> to the SoB. Nuno, feel free to shout if you want to handle this differently.
> 

Oh, TBH, I did not realized by SOB tag was there. I'm fine with it even though I
agree a Suggested-by would likely make more sense.

- Nuno Sá
  
> Applied.
> 
> Jonathan
> 
> 
> > > v2:
> > > - Fixed: Addressed buffer overflow in ad7923_update_scan_mode() due to 
> > > insufficient tx_buf and ring_xfer size for 8-channel devices.
> > > - Issue: Original patch attempted to fix the overflow by limiting the 
> > > length, but did not address the root cause of buffer size mismatch.
> > > - Solution: Increased tx_buf and ring_xfer sizes recommended by Nuno to 
> > > support all 8 channels, ensuring adequate buffer capacity.
> > > - Previous patch link: 
> > > https://lore.kernel.org/linux-iio/20241028142357.1032380-1-quzicheng@huawei.com/T/#u
> > >  drivers/iio/adc/ad7923.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c
> > > index 09680015a7ab..acc44cb34f82 100644
> > > --- a/drivers/iio/adc/ad7923.c
> > > +++ b/drivers/iio/adc/ad7923.c
> > > @@ -48,7 +48,7 @@
> > >  
> > >  struct ad7923_state {
> > >  	struct spi_device		*spi;
> > > -	struct spi_transfer		ring_xfer[5];
> > > +	struct spi_transfer		ring_xfer[9];
> > >  	struct spi_transfer		scan_single_xfer[2];
> > >  	struct spi_message		ring_msg;
> > >  	struct spi_message		scan_single_msg;
> > > @@ -64,7 +64,7 @@ struct ad7923_state {
> > >  	 * Length = 8 channels + 4 extra for 8 byte timestamp
> > >  	 */
> > >  	__be16				rx_buf[12]
> > > __aligned(IIO_DMA_MINALIGN);
> > > -	__be16				tx_buf[4];
> > > +	__be16				tx_buf[8];
> > >  };
> > >  
> > >  struct ad7923_chip_info {  
> > 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ