lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20120305063349.GE1003@mwanda>
Date:	Mon, 5 Mar 2012 09:33:49 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	santosh prasad nayak <santoshprasadnayak@...il.com>
Cc:	David Miller <davem@...emloft.net>, masa-korg@....okisemi.com,
	paul.gortmaker@...driver.com, jeffrey.t.kirsher@...el.com,
	mirq-linux@...e.qmqm.pl, netdev@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch] pch_gbe: memory corruption calling
 pch_gbe_validate_option()

On Mon, Mar 05, 2012 at 11:04:49AM +0530, santosh prasad nayak wrote:
> Dan,
> 
>         Your fix may introduce new bug.
> 
>          hw->phy.autoneg_advertised = tmp
> 
>        Assigning signed integer to unsigned short  leads to bit truncation.

In this case it doesn't.  It's going to be 0x2f or less.  I
obviously checked this before I submitted the patch.

>        Is it safe for both Big-endian and little endian format ?

It's CPU endian in both cases.

> 
>        AutoNeg is initialized with a Negative value (OPTION_UNSET)
>         Won't it create any issue with above assignment ?
> 

Nope.  It gets set to 0x2f inside pch_gbe_validate_option().

> 
> The simpler fix is to make "autoneg_advertised" signed integer.
> 
> struct pch_gbe_phy_info {
>         u32 addr;
>         u32 id;
>         u32 revision;
>         u32 reset_delay_us;
>         u16 autoneg_advertised;     // ==> int autoneg_advertised
> };
> 

The better fix would be to change pch_gbe_validate_option() so it
isn't so easy to call improperly.  I would have done that except
that probably we won't introduce many more callers, it seemed
like a lot of work and I don't have the hardware to test the
results.

regards,
dan carpenter


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ