From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Jacob von Chorus <jacobvonchorus@cwphoto.ca>
Cc: Insop Song <insop.song@gainspeed.com>,
devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org,
dan.carpenter@oracle.com
Subject: Re: [PATCH v3/resubmit 1/3] staging: gs_fpgaboot: add buffer overflow checks
Date: Thu, 27 Jul 2017 21:57:12 -0700 [thread overview]
Message-ID: <20170728045712.GA32490@kroah.com> (raw)
In-Reply-To: <20170727011359.2265-1-jacobvonchorus@cwphoto.ca>
On Wed, Jul 26, 2017 at 09:13:57PM -0400, Jacob von Chorus wrote:
> Four fields in struct fpgaimage are char arrays of length MAX_STR (256).
> The amount of data read into these buffers is controlled by a length
> field in the bitstream file read from userspace. If a corrupt or
> malicious firmware file was supplied, kernel data beyond these buffers
> can be overwritten arbitrarily.
>
> This patch adds a check of the bitstream's length value to ensure it
> fits within the bounds of the allocated buffers. An error condition is
> returned from gs_read_bitstream if any of the reads fail.
>
> Signed-off-by: Jacob von Chorus <jacobvonchorus@cwphoto.ca>
>
> v3:
> - use >= to prevent an integer overflow in the comparison
> - use get_unaligned_be functions to interpret length fields
> - fix remainder of file to use valid error codes
>
> v2:
> - char arrays converted to u8 arrays
> - replace error return value with proper error code in
> gs_read_bitstream
> ---
All of the v2: and such needs to go below the --- line, as
Documentation/SubmittingPatches says to do.
Please fix that up and resend the series.
thanks,
greg k-h
next prev parent reply other threads:[~2017-07-28 4:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-27 1:13 [PATCH v3/resubmit 1/3] staging: gs_fpgaboot: add buffer overflow checks Jacob von Chorus
2017-07-27 1:13 ` [PATCH v3/resubmit 2/3] staging: gs_fpgaboot: change char to u8 Jacob von Chorus
2017-07-27 1:13 ` [PATCH v3/resubmit 3/3] staging: gs_fpgaboot: return valid error codes Jacob von Chorus
2017-07-28 4:57 ` Greg Kroah-Hartman [this message]
-- strict thread matches above, loose matches on Subject: below --
2017-07-28 21:06 [PATCH v3/resubmit 1/3] staging: gs_fpgaboot: add buffer overflow checks Jacob von Chorus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170728045712.GA32490@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=insop.song@gainspeed.com \
--cc=jacobvonchorus@cwphoto.ca \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.