lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250227055044.3878374-1-Jerry_C_Chen@wiwynn.com>
Date: Thu, 27 Feb 2025 13:50:44 +0800
From: Jerry C Chen <Jerry_C_Chen@...ynn.com>
To: patrick@...cx.xyz,
	Samuel Mendoza-Jonas <sam@...dozajonas.com>,
	Paul Fertser <fercerpav@...il.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>
Cc: Jerry C Chen <Jerry_C_Chen@...ynn.com>,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH v1] net/ncsi: fix buffer overflow in getting version id

In NC-SI spec v1.2 section 8.4.44.2, the firmware name doesn't
need to be null terminated while its size occupies the full size
of the field. Fix the buffer overflow issue by adding one
additional byte for null terminator.

Signed-off-by: Jerry C Chen <Jerry_C_Chen@...ynn.com>
---
 net/ncsi/internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ncsi/internal.h b/net/ncsi/internal.h
index 4e0842df5234..fb918af74521 100644
--- a/net/ncsi/internal.h
+++ b/net/ncsi/internal.h
@@ -110,7 +110,7 @@ struct ncsi_channel_version {
        u8   update;            /* NCSI version update */
        char alpha1;            /* NCSI version alpha1 */
        char alpha2;            /* NCSI version alpha2 */
-       u8  fw_name[12];        /* Firmware name string                */
+       u8  fw_name[12+1];      /* Firmware name string               */
        u32 fw_version;         /* Firmware version                   */
        u16 pci_ids[4];         /* PCI identification                 */
        u32 mf_id;              /* Manufacture ID                     */
--
2.25.1

WIWYNN PROPRIETARY
This email (and any attachments) contains proprietary or confidential information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or distribution of this email or the content of this email is strictly prohibited. If you are not the intended recipient, please notify the sender and delete this email immediately.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ