lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20170913.092522.934509429497822082.davem@davemloft.net>
Date:   Wed, 13 Sep 2017 09:25:22 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     dan.carpenter@...cle.com
Cc:     vyasevich@...il.com, nhorman@...driver.com,
        linux-sctp@...r.kernel.org, netdev@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net] sctp: potential read out of bounds in
 sctp_ulpevent_type_enabled()

From: Dan Carpenter <dan.carpenter@...cle.com>
Date: Wed, 13 Sep 2017 12:20:28 +0300

> @@ -154,7 +154,11 @@ static inline int sctp_ulpevent_type_enabled(__u16 sn_type,
>  					     struct sctp_event_subscribe *mask)
>  {
>  	char *amask = (char *) mask;
> -	return amask[sn_type - SCTP_SN_TYPE_BASE];
> +	int offset = sn_type - SCTP_SN_TYPE_BASE;

Please use reverse-christmas-tree local variable ordering.

Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ