| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1463275917.2631.31.camel@decadent.org.uk>
Date: Sun, 15 May 2016 02:31:57 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: Michael Chan <michael.chan@...adcom.com>, davem@...emloft.net
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/9] bnxt_en: Add Support for
ETHTOOL_GMODULEINFO and ETHTOOL_GMODULEEEPRO
On Sat, 2016-05-14 at 20:29 -0400, Michael Chan wrote:
> From: Ajit Khaparde <ajit.khaparde@...adcom.com>
[...]
> + /* Read A2 portion of the EEPROM */
> + if (length) {
> + start -= ETH_MODULE_SFF_8436_LEN;
> + bnxt_read_sfp_module_eeprom_info(bp, I2C_DEV_ADDR_A2, 1, start,
> + length, data + start);
The output address calculation (data + start) makes no sense at all.
If eeprom->offset < ETH_MODULE_SFF_8436_LEN then start == 0 here and
this read overwrites earlier data in the output buffer. If
eeeprom->offset > ETH_MODULE_SFF_8436_LEN then start > 0 here and this
overruns the output buffer.
I think that 'data' should be incremented along with 'start' in the
previous if-block.
Ben.
> + }
> + return rc;
> +}
[...]
--
Ben Hutchings
For every action, there is an equal and opposite criticism. - Harrison
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists