lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 20 Jul 2014 22:25:45 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	tilman@...p.cc
Cc:	netdev@...r.kernel.org, dan.carpenter@...cle.com,
	isdn@...ux-pingi.de, isdn4linux@...tserv.isdn4linux.de
Subject: Re: [PATCH] isdn/capi: avoid index overrun from command_2_index()

From: Tilman Schmidt <tilman@...p.cc>
Date: Sun, 20 Jul 2014 15:49:12 +0200 (CEST)

> The result of the function command_2_index() is used to index two
> arrays mnames[] and cpars[] with max. index 0x4e but in its current
> form that function can produce results up to 3*(0x9+0x9)+0x7f = 0xb5.
> Legal values for the function's first argument (c) according to the
> CAPI 2.0 standard are 0x00..0x08, 0x41, 0x80, 0x82..0x88, and 0xff.
> This patch modifies command_2_index() in such a way that the result
> is unchanged for legal values of c, and guaranteed to be less or
> equal to 0x4e for any argument values.
> 
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> Signed-off-by: Tilman Schmidt <tilman@...p.cc>

Command value validation should occur at the callers, signalling
errors if invalid values are seen, and command_2_index() should
BUG_ON() such invalid values.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ