| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8c358157-d28d-4c42-b983-4191061edd70@enpas.org> Date: Tue, 19 Nov 2024 09:48:53 +0900 From: Max Staudt <max@...as.org> To: Dan Carpenter <dan.carpenter@...aro.org>, Vincent Mailhol <mailhol.vincent@...adoo.fr> Cc: Marc Kleine-Budde <mkl@...gutronix.de>, Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, linux-can@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: Re: [PATCH net] can: can327: fix snprintf() limit in can327_handle_prompt() Hi all, As promised, here is a patch cleaning up can327's payload "encoding" (the hex dump part), plus a comment explaining why Dan's finding turned out not to be security relevant. It's as Vincent already explained, plus additional background information: https://lore.kernel.org/linux-can/20241119003815.767004-1-max@enpas.org/T/ I've taken the liberty of not CC'ing the network maintainers on that patch, hence this email with a pointer to it for anyone interested. In the end, while it looked worrying at first, it ended up being just a minor cleanup. Thanks Dan for pointing out that ugly piece of code. I'd really like to one day find the time to do some further cleanup, and especially further commenting in order to reduce the bus factor, but oh well... Max
Powered by blists - more mailing lists