lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Feb 2009 06:37:15 +0000 From: Jarek Poplawski <jarkao2@...il.com> To: Roel Kluin <roel.kluin@...il.com> Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, philb@....org Subject: Re: [PATCH] 3c505: do not set pcb->data.raw beyond its size On Wed, Feb 11, 2009 at 11:55:40PM +0100, Roel Kluin wrote: > Many thanks, Jarek, > > Is this changelog ok? Yes, the changelog and patch look OK to me. Thanks, Jarek P. > ------------------------------>8----------------8<------------------------------ > > Ensure that we do not set pcb->data.raw beyond its size, print an error message > and return false if we attempt to. A timout message was printed one too early. > > Signed-off-by: Roel Kluin <roel.kluin@...il.com> > --- > diff --git a/drivers/net/3c505.c b/drivers/net/3c505.c > index 6124605..a8107f9 100644 > --- a/drivers/net/3c505.c > +++ b/drivers/net/3c505.c > @@ -493,21 +493,27 @@ static bool receive_pcb(struct net_device *dev, pcb_struct * pcb) > } > /* read the data */ > spin_lock_irqsave(&adapter->lock, flags); > - i = 0; > - do { > - j = 0; > - while (((stat = get_status(dev->base_addr)) & ACRF) == 0 && j++ < 20000); > - pcb->data.raw[i++] = inb_command(dev->base_addr); > - if (i > MAX_PCB_DATA) > - INVALID_PCB_MSG(i); > - } while ((stat & ASF_PCB_MASK) != ASF_PCB_END && j < 20000); > + for (i = 0; i < MAX_PCB_DATA; i++) { > + for (j = 0; j < 20000; j++) { > + stat = get_status(dev->base_addr); > + if (stat & ACRF) > + break; > + } > + pcb->data.raw[i] = inb_command(dev->base_addr); > + if ((stat & ASF_PCB_MASK) == ASF_PCB_END || j >= 20000) > + break; > + } > spin_unlock_irqrestore(&adapter->lock, flags); > + if (i >= MAX_PCB_DATA) { > + INVALID_PCB_MSG(i); > + return false; > + } > if (j >= 20000) { > TIMEOUT_MSG(__LINE__); > return false; > } > - /* woops, the last "data" byte was really the length! */ > - total_length = pcb->data.raw[--i]; > + /* the last "data" byte was really the length! */ > + total_length = pcb->data.raw[i]; > > /* safety check total length vs data length */ > if (total_length != (pcb->length + 2)) { -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists