lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240328112818.49c0de17@kernel.org>
Date: Thu, 28 Mar 2024 11:28:18 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Aleksandr Mishin <amishin@...rgos.ru>
Cc: Sunil Goutham <sgoutham@...vell.com>, Linu Cherian
 <lcherian@...vell.com>, Geetha sowjanya <gakula@...vell.com>, Jerin Jacob
 <jerinj@...vell.com>, hariprasad <hkelam@...vell.com>, Subbaraya Sundeep
 <sbhatta@...vell.com>, "David S. Miller" <davem@...emloft.net>, Eric
 Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
 <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
 <lvc-project@...uxtesting.org>
Subject: Re: [PATCH] octeontx2-af: Add array index check

On Thu, 28 Mar 2024 11:16:48 +0300 Aleksandr Mishin wrote:
> In rvu_map_cgx_lmac_pf() the 'iter', which is used as an array index, can reach
> value (up to 14) that exceed the size (MAX_LMAC_COUNT = 8) of the array.
> Fix this bug by adding 'iter' value check.

I'm guessing you got the 14 from:

	hw->lmac_per_cgx = (nix_const >> 8) & 0xFULL;

Seems more reasonable to cap the size at that point than every use
afterwards.
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ