| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6486d80d.5d0a0220.bb6d6.3cbd@mx.google.com>
Date: Sun, 11 Jun 2023 18:04:31 +0200
From: Christian Marangi <ansuelsmth@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Andrew Lunn <andrew@...n.ch>, Florian Fainelli <f.fainelli@...il.com>,
Vladimir Oltean <olteanv@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Pavel Machek <pavel@....cz>, netdev@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net-XXX] net: dsa: qca8k: uninitialized variable in
hw_control_get()
On Mon, Jun 12, 2023 at 10:20:55AM +0300, Dan Carpenter wrote:
> The caller, netdev_trig_activate(), passes an uninitialized value for
> *rules. This function sets bits to one but it doesn't zero out any
> bits so there is a potential for uninitialized data to be used.
> Zero out the *rules at the start of the function.
>
> Fixes: e0256648c831 ("net: dsa: qca8k: implement hw_control ops")
> Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
Thanks for the fix but I wonder if this should be better fixed in
netdev_trig_activate? By setting the mode as 0 directly there?
I assume other dev implementing the get ops would do the same mistake.
--
Ansuel
Powered by blists - more mailing lists