lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jan 2020 17:29:02 +0000 From: Joakim Tjernlund <Joakim.Tjernlund@...inera.com> To: "linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "colin.king@...onical.com" <colin.king@...onical.com>, "qiang.zhao@....com" <qiang.zhao@....com>, "davem@...emloft.net" <davem@...emloft.net> CC: "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info On Tue, 2020-01-14 at 14:54 +0000, Colin King wrote: > > From: Colin Ian King <colin.king@...onical.com> > > Array utdm_info is declared as an array of MAX_HDLC_NUM (4) elements > however up to UCC_MAX_NUM (8) elements are potentially being written > to it. Currently we have an array out-of-bounds write error on the > last 4 elements. Fix this by making utdm_info UCC_MAX_NUM elements in > size. > > Addresses-Coverity: ("Out-of-bounds write") > Fixes: c19b6d246a35 ("drivers/net: support hdlc function for QE-UCC") > Signed-off-by: Colin Ian King <colin.king@...onical.com> This should be sent to stable as well Cc: <stable@...r.kernel.org> # 4.19.x+ > --- > drivers/net/wan/fsl_ucc_hdlc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c > index 94e870f48e21..9edd94679283 100644 > --- a/drivers/net/wan/fsl_ucc_hdlc.c > +++ b/drivers/net/wan/fsl_ucc_hdlc.c > @@ -73,7 +73,7 @@ static struct ucc_tdm_info utdm_primary_info = { > }, > }; > > -static struct ucc_tdm_info utdm_info[MAX_HDLC_NUM]; > +static struct ucc_tdm_info utdm_info[UCC_MAX_NUM]; > > static int uhdlc_init(struct ucc_hdlc_private *priv) > { > -- > 2.24.0 >
Powered by blists - more mailing lists