| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Dec 2018 22:34:41 -0600
From: Kangjie Lu <kjlu@....edu>
To: kjlu@....edu
Cc: pakki001@....edu, "David S. Miller" <davem@...emloft.net>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] wan: fix a missing check of spi_write_then_read
When spi_write_then_read() fails, "data" can be uninitialized and thus
may contain a random value; the following execution checks "data" with a
mask, the result could be random.
The fix inserts a check of spi_write_then_read(): if it fails, always
returns -1.
Signed-off-by: Kangjie Lu <kjlu@....edu>
---
drivers/net/wan/slic_ds26522.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wan/slic_ds26522.c b/drivers/net/wan/slic_ds26522.c
index 1f6bc8791d51..89681910d875 100644
--- a/drivers/net/wan/slic_ds26522.c
+++ b/drivers/net/wan/slic_ds26522.c
@@ -64,8 +64,9 @@ static u8 slic_read(struct spi_device *spi, u16 addr)
temp[0] = (u8)(((addr >> 8) & 0x7f) | 0x80);
temp[1] = (u8)(addr & 0xfe);
- spi_write_then_read(spi, &temp[0], SLIC_TWO_LEN, &data,
- SLIC_TRANS_LEN);
+ if (spi_write_then_read(spi, &temp[0], SLIC_TWO_LEN, &data,
+ SLIC_TRANS_LEN))
+ return -1;
data = bitrev8(data);
return data;
--
2.17.2 (Apple Git-113)
Powered by blists - more mailing lists