Message-ID: <aJB6u1WoNjiE-tZz@shikoro>
Date: Mon, 4 Aug 2025 11:17:47 +0200
From: Wolfram Sang <wsa+renesas@...g-engineering.com>
To: Sven Eckelmann <sven@...fation.org>
Cc: chris.packham@...iedtelesis.co.nz, Alex Guo <alexguo1023@...il.com>,
	andi.shyti@...nel.org, linux-i2c@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] i2c: rtl9300: Fix out-of-bounds bug in
 rtl9300_i2c_smbus_xfer

On Mon, Aug 04, 2025 at 10:18:53AM +0200, Sven Eckelmann wrote:
> On Monday, 16 June 2025 01:52:48 CEST Alex Guo wrote:
> > The data->block[0] variable comes from user. Without proper check,
> > the variable may be very large to cause an out-of-bounds bug.
> > 
> > Fix this bug by checking the value of data->block[0] first.
> > 
> > Similar commit:
> > 1. commit 39244cc7548 ("i2c: ismt: Fix an out-of-bounds bug in
> > ismt_access()")
> > 2. commit 92fbb6d1296 ("i2c: xgene-slimpro: Fix out-of-bounds
> > bug in xgene_slimpro_i2c_xfer()")
> [...]
> 
> Please correct me but it looks like this fix was not yet applied to the tree. 
> But Chris Packham pointed out that this conflicts with my fixes for SMBUS/
> SMBUS_I2C.
> 
> I would like to add my patchset on top of this (to avoid problems with stable 
> submission) and add the Fixes: and Cc: stable@...r.kernel.org.
> 
> I hope it is ok for you when I would pick this up. I would resubmit the fixes 
> patchset this evening (GMT+2).
> 
> You can preview it at 
> https://git.open-mesh.org/linux-merge.git/log/?h=b4/i2c-rtl9300-multi-byte

Yes, we can do that. In general, it doesn't make sense to add this check
when the ultimate goal is to support SMBus v3 which doesn't need the
check anymore. But if it is blocking further development, we can apply
this. The check will be removed when SMBus v3 support comes in.
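
Added example, not part of this thread and not the rtl9300 driver's code: a
user-space C model of the length check the quoted commit message describes,
where block[0] is a caller-supplied length byte that must be validated before
it is used as a copy size. The struct names, the fake_hw buffer, and the
rejection of a zero length are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same value as I2C_SMBUS_BLOCK_MAX in the Linux uapi header <linux/i2c.h>. */
#define SMBUS_BLOCK_MAX 32

/* Model of the block member of union i2c_smbus_data: block[0] is the
 * length byte, the payload follows, plus one spare byte for PEC. */
struct smbus_block { uint8_t block[SMBUS_BLOCK_MAX + 2]; };

/* Hypothetical controller transmit buffer (not the RTL9300 register layout). */
struct fake_hw { uint8_t fifo[SMBUS_BLOCK_MAX]; size_t len; };

/* Copy a block write into the buffer; -EINVAL if the length byte is out of range.
 * Without the check, len = 255 would read past block[] and write past fifo[]. */
int block_write(struct fake_hw *hw, const struct smbus_block *data)
{
    uint8_t len = data->block[0];

    if (len < 1 || len > SMBUS_BLOCK_MAX)
        return -EINVAL;
    memcpy(hw->fifo, &data->block[1], len);
    hw->len = len;
    return 0;
}

/* Build a constructed request with the given length byte and submit it. */
int try_len(uint8_t len)
{
    struct fake_hw hw = {0};
    struct smbus_block req;

    memset(&req, 0xAB, sizeof(req));
    req.block[0] = len;
    return block_write(&hw, &req);
}

int main(void)
{
    const uint8_t samples[] = { 0, 1, 32, 33, 255 };  /* constructed inputs */

    for (size_t i = 0; i < sizeof(samples); i++)
        printf("block[0]=%3u -> %d\n", samples[i], try_len(samples[i]));
    return 0;
}
```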

