Re: [PATCH 2/2] orinoco: prevent accessing memory outside the firmware image

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dave <kilroyd@googlemail.com>
To: orinoco-devel@lists.sourceforge.net
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH 2/2] orinoco: prevent accessing memory outside the firmware image
Date: Fri, 20 Feb 2009 19:28:46 +0000	[thread overview]
Message-ID: <499F046E.2090609@gmail.com> (raw)
In-Reply-To: <1235087187-23425-3-git-send-email-kilroyd@googlemail.com>

David Kilroy wrote:
> Do this by indicating the end of the appropriate regions of memory.
> 
> Note that MAX_PDA_SIZE should only apply to the PDA block read from
> flash/EEPROM, and has been erronously applied to the pdr elements.
> Remove the macro, and use the actual PDA size passed down by the caller.
> 
> We also fix up some of the types used, marking as much as possible
> const, and using void* for the end pointers.
> 
> Signed-off-by: David Kilroy <kilroyd@googlemail.com>
> ---

I've missed (at least) a couple places where I need to add checks:

 * When looking for PDR for Symbol firmware.
 * When applying PDR data I need to check the data is within the FW image

I'll update this patch, address Andreys comments on the other, and resubmit.


Dave.

     prev parent reply	other threads:[~2009-02-20 19:28 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-02-19 23:46 [PATCH 0/2] orinoco: improve robustness of firmware load David Kilroy
2009-02-19 23:46 ` [PATCH 1/2] orinoco: validate firmware header David Kilroy
2009-02-20 18:26   ` [Orinoco-devel] " Andrey Borzenkov
2009-02-20 19:19     ` Dave
2009-02-19 23:46 ` [PATCH 2/2] orinoco: prevent accessing memory outside the firmware image David Kilroy
2009-02-20 19:28   ` Dave [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=499F046E.2090609@gmail.com \
    --to=kilroyd@googlemail.com \
    --cc=linux-wireless@vger.kernel.org \
    --cc=orinoco-devel@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.