Message-ID: <aCWuCPsm+G5EBOt/@home.paul.comp>
Date: Thu, 15 May 2025 12:04:08 +0300
From: Paul Fertser <fercerpav@...il.com>
To: Jerry C Chen <Jerry_C_Chen@...ynn.com>
Cc: patrick@...cx.xyz, Samuel Mendoza-Jonas <sam@...dozajonas.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] net/ncsi: fix buffer overflow in getting version id

Hello Jerry,

This looks like an updated version of your previous patch[0] but you
have forgotten to increase the number in the Subject. You have also
forgotten to reply and take into account /some/ of the points I raised
in the review.

On Thu, May 15, 2025 at 04:34:47PM +0800, Jerry C Chen wrote:
> In NC-SI spec v1.2 section 8.4.44.2, the firmware name doesn't
> need to be null terminated while its size occupies the full size
> of the field. Fix the buffer overflow issue by adding one
> additional byte for null terminator.
...

Please give an answer to every comment I made for your previous patch
version and either make a corresponding change or explain why exactly
you disagree.

Also please stop sending any and all "proprietary or confidential
information".

[0] https://patchwork.kernel.org/project/netdevbpf/patch/20250227055044.3878374-1-Jerry_C_Chen@wiwynn.com/
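
The commit message quoted above describes a fixed-width name field that may be filled completely and therefore arrive without a terminator. The following is an added example, not the patch under review and not kernel code; the 12-byte width and every struct and function name are assumptions made for illustration. It shows the receiving buffer sized one byte larger than the wire field and terminated explicitly, so later string handling stays inside the buffer:

```c
#include <stdio.h>
#include <string.h>

/* Assumed field width for this example; the page does not state it. */
#define FW_NAME_LEN 12

/* Hypothetical wire layout: the name may use every byte, with no NUL. */
struct wire_version {
    unsigned char fw_name[FW_NAME_LEN];
    unsigned char fw_version[4];
};

/* Hypothetical host-side copy: one extra byte reserved for the NUL. */
struct host_version {
    char fw_name[FW_NAME_LEN + 1];
    unsigned char fw_version[4];
};

/* Copy the fixed-width field, then terminate it unconditionally. */
static void store_version(struct host_version *dst,
                          const struct wire_version *src)
{
    memcpy(dst->fw_name, src->fw_name, FW_NAME_LEN);
    dst->fw_name[FW_NAME_LEN] = '\0';
    memcpy(dst->fw_version, src->fw_version, sizeof(dst->fw_version));
}

/* Build a constructed response, store it, return the stored name length.
 * The version bytes are non-zero, so a missing terminator would let
 * strlen() run past the name field. */
static size_t stored_len_for(const char *name)
{
    struct wire_version w;
    struct host_version h;
    size_t n = strlen(name);

    memset(&w, 0, sizeof(w));
    memcpy(w.fw_name, name, n < FW_NAME_LEN ? n : FW_NAME_LEN);
    memset(w.fw_version, 0x41, sizeof(w.fw_version));
    store_version(&h, &w);
    return strlen(h.fw_name); /* safe: h.fw_name is always terminated */
}

int main(void)
{
    printf("full field: %zu\n", stored_len_for("ABCDEFGHIJKL"));
    printf("short name: %zu\n", stored_len_for("fw1"));
    return 0;
}
```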
