| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8a72ffa5-dac5-6de8-f01e-dfbb98b1f024@hartkopp.net>
Date: Sun, 27 Jan 2019 19:22:38 +0100
From: Oliver Hartkopp <socketcan@...tkopp.net>
To: Sasha Levin <sashal@...nel.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org,
stable@...r.kernel.org, linux-can@...r.kernel.org,
lifeasageek@...il.com, threeearcat@...il.com,
syzkaller@...glegroups.com, nautsch2@...il.com,
Kyungtae Kim <kt0755@...il.com>,
Marc Kleine-Budde <mkl@...gutronix.de>
Subject: Re: [PATCH] [stable pre-4.8] can: bcm: check timer values before
ktime conversion
Hi Sasha,
On 26.01.19 19:17, Sasha Levin wrote:
> On Thu, Jan 24, 2019 at 10:08:42AM +0100, Oliver Hartkopp wrote:
>> Kyungtae Kim detected a potential integer overflow in bcm_[rx|tx]_setup()
>> when the conversion into ktime multiplies the given value with
>> NSEC_PER_USEC
>> (1000).
>>
>> Reference: https://marc.info/?l=linux-can&m=154732118819828&w=2
>>
>> Add a check for the given tv_usec, so that the value stays below one
>> second.
>> Additionally limit the tv_sec value to a reasonable value for CAN related
>> use-cases of 400 days and ensure all values to be positive.
>>
>> This patch is the pre-4.8 version of upstream commit 93171ba6f1deffd8
>
> I can't find this commit id upstream, there's nothing with the same
> subject name, nor does this code exist upstream. What's going on?
Here we are (pulled by Linus some minutes ago):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93171ba6f1deffd82f381d36cb13177872d023f6
Can you go with this pre-4.8 version now?
Many thanks,
Oliver
Powered by blists - more mailing lists