| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0907251253350.26274@melkinkari.cs.Helsinki.FI>
Date: Sat, 25 Jul 2009 12:55:18 +0300 (EEST)
From: "Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi>
To: Roel Kluin <roel.kluin@...il.com>
cc: "David S. Miller" <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] fealnx: Write outside array bounds
On Fri, 24 Jul 2009, Roel Kluin wrote:
> phy_idx is checked to be < 4, but np->phys[] is 2 elements long
>
> Signed-off-by: Roel Kluin <roel.kluin@...il.com>
> ---
> Or should the number of elements be increased?
>
> diff --git a/drivers/net/fealnx.c b/drivers/net/fealnx.c
> index 48385c4..100badd 100644
> --- a/drivers/net/fealnx.c
> +++ b/drivers/net/fealnx.c
> @@ -584,7 +584,7 @@ static int __devinit fealnx_init_one(struct pci_dev *pdev,
> if (np->flags == HAS_MII_XCVR) {
> int phy, phy_idx = 0;
>
> - for (phy = 1; phy < 32 && phy_idx < 4; phy++) {
> + for (phy = 1; phy < 32 && phy_idx < 2; phy++) {
> int mii_status = mdio_read(dev, phy, 1);
>
> if (mii_status != 0xffff && mii_status != 0x0000) {
In either of the case, one should use ARRAY_SIZE(np->phys) instead of the
number.
--
i.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists