Message-ID: <54ECD78F.7040607@cogentembedded.com>
Date:	Tue, 24 Feb 2015 22:57:03 +0300
From:	Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:	Ameen Ali <ameenali023@...il.com>, kas@...muni.cz
CC:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] cosa.c : Array index 'i' is used before limits check.

Hello.

On 02/24/2015 10:52 PM, Ameen Ali wrote:

> avoid out-of-bounds-read by checking count before indexing.

> Signed-off-by: Ameen Ali <Ameenali023@...il.com>
> ---
>   drivers/net/wan/cosa.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

> diff --git a/drivers/net/wan/cosa.c b/drivers/net/wan/cosa.c
> index 83c39e2..5252e21 100644
> --- a/drivers/net/wan/cosa.c
> +++ b/drivers/net/wan/cosa.c
> @@ -376,7 +376,7 @@ static int __init cosa_init(void)
>   	}
>   	for (i=0; i<MAX_CARDS; i++)
>   		cosa_cards[i].num = -1;
> -	for (i=0; io[i] != 0 && i < MAX_CARDS; i++)
> +	for (i=0; (i < MAX_CARDS) && (io[i] != 0) ; i++)
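
Review bot: The new loop condition has a stray space before the second `;` in `(io[i] != 0) ; i++`, and `i=0` lacks spaces around `=`. With the redundant parentheses dropped as well, the line would read `for (i = 0; i < MAX_CARDS && io[i] != 0; i++)`. The reordering itself is sound: because `&&` short-circuits, `io[i]` is now read only after `i < MAX_CARDS` has held. The changelog claims an out-of-bounds read, but the hunk does not show the declared size of `io`, so it would help to state that size in the commit message to show whether the old order could actually read past the end of the array.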

   The parens you've added aren't necessary.
   I suggest adding spaces after and before = in the first expression.

[...]

WBR, Sergei
