lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <AANLkTimX1MnVtbhrHFx7-jTA5XRpSvWn2uF3OiJU8WYM@mail.gmail.com>
Date:	Sat, 14 Aug 2010 10:45:39 +0100
From:	Dave Kilroy <kilroyd@...glemail.com>
To:	Denis Kirjanov <dkirjanov@...nel.org>
Cc:	linville@...driver.com, proski@....org,
	hermes@...son.dropbear.id.au, davem@...emloft.net,
	linux-wireless@...r.kernel.org,
	orinoco-devel@...ts.sourceforge.net, netdev@...r.kernel.org
Subject: Re: [PATCH] orinoco: Fix walking past the end of the buffer

On Wed, Aug 11, 2010 at 9:32 PM, Denis Kirjanov <dkirjanov@...nel.org> wrote:
> diff --git a/drivers/net/wireless/orinoco/hw.c b/drivers/net/wireless/orinoco/hw.c
> index 077baa8..191bc03 100644
> --- a/drivers/net/wireless/orinoco/hw.c
> +++ b/drivers/net/wireless/orinoco/hw.c
> @@ -765,9 +765,12 @@ int orinoco_hw_get_act_bitrate(struct orinoco_private *priv, int *bitrate)
>                        if (bitrate_table[i].intersil_txratectrl == val)
>                                break;
>
> -               if (i >= BITRATE_TABLE_SIZE)
> +               if (i >= BITRATE_TABLE_SIZE) {
>                        printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
>                               priv->ndev->name, val);
> +                       *bitrate = 100001; /* Mark as invalid */

We should propogate the failure by returning an error in the return
code rather than a cryptic bitrate value. The calling function(s)
should then propogate the error through wext/cfg80211 as appropriate.

> +                       break;
> +               }
>
>                *bitrate = bitrate_table[i].bitrate * 100000;
>                break;

We can also make the structure easier to understand by setting the
bitrate within the for loop. Something like the following (I only have
access to gmail ATM, so can't format a proper patch):

		for (i = 0; i < BITRATE_TABLE_SIZE; i++)
			if (bitrate_table[i].intersil_txratectrl == val) {
				*bitrate = bitrate_table[i].bitrate * 100000;
				break;
			}

		if (i >= BITRATE_TABLE_SIZE) {
			printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
			       priv->ndev->name, val);
			err = -EIO; /* maybe chose a better value... */
		}

		break;

Could you update the patch along those lines please?

Thanks,

Dave.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ