From: Jonathan Cameron <jic23@cam.ac.uk>
To: akpm@linux-foundation.org
Cc: roel.kluin@gmail.com, david.vrabel@csr.com,
linux-mmc@vger.kernel.org,
"libertas-dev@lists.infradead.org"
<libertas-dev@lists.infradead.org>
Subject: Re: [patch 077/232] sdio: fix read buffer overflow
Date: Thu, 01 Oct 2009 11:08:04 +0100 [thread overview]
Message-ID: <4AC47F84.20806@cam.ac.uk> (raw)
In-Reply-To: <200909222345.n8MNj9kq013725@imap1.linux-foundation.org>
Hi All,
This patch is causing a regression with libertas 8686.
It's only finding 3 strings which I'm guessing means
it is an invalid CISTPL_VERS_1. Unfortunately the libertas_sdio
code relies on a string in one of them to tell it what model of
card we have.
Can someone confirm what the CIS_VERS_1 spec actually is?
I've found one vague reference to entries 3 and 4 being optional
but the simplified sdio spec refers to the pcmcia 3.2.10 spec
which I don't have easy access to.
Any suggestions on a work around?
Thanks,
Jonathan
> From: Roel Kluin <roel.kluin@gmail.com>
>
> Avoid buffer underrun when parsing an invalid CISTPL_VERS_1.
>
> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
> Cc: David Vrabel <david.vrabel@csr.com>
> Cc: <linux-mmc@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
>
> drivers/mmc/core/sdio_cis.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff -puN drivers/mmc/core/sdio_cis.c~sdio-fix-read-buffer-overflow drivers/mmc/core/sdio_cis.c
> --- a/drivers/mmc/core/sdio_cis.c~sdio-fix-read-buffer-overflow
> +++ a/drivers/mmc/core/sdio_cis.c
> @@ -40,7 +40,7 @@ static int cistpl_vers_1(struct mmc_card
> nr_strings++;
> }
>
> - if (buf[i-1] != '\0') {
> + if (nr_strings < 4) {
> printk(KERN_WARNING "SDIO: ignoring broken CISTPL_VERS_1\n");
> return 0;
> }
> _
> --
> To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2009-10-01 10:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-22 23:45 [patch 077/232] sdio: fix read buffer overflow akpm
2009-10-01 10:08 ` Jonathan Cameron [this message]
2009-10-01 11:12 ` David Vrabel
2009-10-01 11:16 ` David Vrabel
2009-10-01 14:11 ` Jonathan Cameron
2009-10-06 21:49 ` Bing Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AC47F84.20806@cam.ac.uk \
--to=jic23@cam.ac.uk \
--cc=akpm@linux-foundation.org \
--cc=david.vrabel@csr.com \
--cc=libertas-dev@lists.infradead.org \
--cc=linux-mmc@vger.kernel.org \
--cc=roel.kluin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.