| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1334168217.2552.5.camel@bwh-desktop.uk.solarflarecom.com> Date: Wed, 11 Apr 2012 19:16:57 +0100 From: Ben Hutchings <bhutchings@...arflare.com> To: Stuart Hodgson <smhodgson@...arflare.com> CC: <netdev@...r.kernel.org>, <bruce.w.allan@...el.com>, <mirq-linux@...e.qmqm.pl>, <decot@...gle.com>, <amit.salecha@...gic.com>, <alexander.h.duyck@...el.com>, <davem@...emloft.net>, <linux-kernel@...r.kernel.org> Subject: Re: [RFC PATCH 1/2] net: ethtool: Add capability to retrieve plug-in module EEPROM On Wed, 2012-04-11 at 17:50 +0100, Stuart Hodgson wrote: > On 02/04/12 18:52, Ben Hutchings wrote: [...] > >> --- a/net/core/ethtool.c > >> +++ b/net/core/ethtool.c [...] > >> + if (eeprom.offset + eeprom.len> modinfo.eeprom_len) > >> + return -EINVAL; > >> + > >> + data = kmalloc(PAGE_SIZE, GFP_USER); > >> + if (!data) > >> + return -ENOMEM; > > > > What if some device has a larger EEPROM? Surely this length should be > > eeprom.len. > > > > Do you mean what if the eeprom length in te device is larger than > PAGE_SIZE? Yes. > If so then it should really use modinfo.eeprom_len since > this the size of the data. eeprom.len could be arbitary. No, eeprom.len is the size of the data and we've already validated it at this point. Ben. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists