| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190731191446.o2ae53krxcpa4qfb@carbon>
Date: Wed, 31 Jul 2019 22:14:46 +0300
From: Petko Manolov <petkan@...leusys.com>
To: Denis Kirjanov <kda@...ux-powerpc.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] net: usb: pegasus: fix improper read if get_registers()
fail
On 19-07-31 22:10:39, Petko Manolov wrote:
> On 19-07-30 15:13:57, Denis Kirjanov wrote:
> > get_registers() may fail with -ENOMEM and in this
> > case we can read a garbage from the status variable tmp.
> >
> > Reported-by: syzbot+3499a83b2d062ae409d4@...kaller.appspotmail.com
> > Signed-off-by: Denis Kirjanov <kda@...ux-powerpc.org>
> > ---
> > drivers/net/usb/pegasus.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
> > index 6d25dea5ad4b..f7d117d80cfb 100644
> > --- a/drivers/net/usb/pegasus.c
> > +++ b/drivers/net/usb/pegasus.c
> > @@ -282,7 +282,7 @@ static void mdio_write(struct net_device *dev, int phy_id, int loc, int val)
> > static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata)
> > {
> > int i;
> > - __u8 tmp;
> > + __u8 tmp = 0;
> > __le16 retdatai;
> > int ret;
>
> Unfortunately this patch does not fix anything. Even if get_registers() fail
> with -ENOMEM the "for" loop will cover for it and will exit only if the
> operation was successful or the device got disconnected. Please read the code
> carefully.
>
> So while the patch is harmless it isn't solving a problem.
Actually i am wrong - if "tmp" contains a random value it may accidentally have
the EPROM_DONE bit set.
Dave, please apply the patch.
thanks,
Petko
Powered by blists - more mailing lists