| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Jul 2019 22:10:40 +0300
From: Petko Manolov <petkan@...leusys.com>
To: Denis Kirjanov <kda@...ux-powerpc.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] net: usb: pegasus: fix improper read if get_registers()
fail
On 19-07-30 15:13:57, Denis Kirjanov wrote:
> get_registers() may fail with -ENOMEM and in this
> case we can read a garbage from the status variable tmp.
>
> Reported-by: syzbot+3499a83b2d062ae409d4@...kaller.appspotmail.com
> Signed-off-by: Denis Kirjanov <kda@...ux-powerpc.org>
> ---
> drivers/net/usb/pegasus.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
> index 6d25dea5ad4b..f7d117d80cfb 100644
> --- a/drivers/net/usb/pegasus.c
> +++ b/drivers/net/usb/pegasus.c
> @@ -282,7 +282,7 @@ static void mdio_write(struct net_device *dev, int phy_id, int loc, int val)
> static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata)
> {
> int i;
> - __u8 tmp;
> + __u8 tmp = 0;
> __le16 retdatai;
> int ret;
Unfortunately this patch does not fix anything. Even if get_registers() fail
with -ENOMEM the "for" loop will cover for it and will exit only if the
operation was successful or the device got disconnected. Please read the code
carefully.
So while the patch is harmless it isn't solving a problem.
cheers,
Petko
Powered by blists - more mailing lists