From: Greg KH <greg@kroah.com>
To: Shaun Colley <shaunige@yahoo.co.uk>
Cc: linux-kernel@vger.kernel.org
Subject: Re: i2c device driver bugs
Date: Tue, 15 Jun 2004 09:13:08 -0700 [thread overview]
Message-ID: <20040615161307.GA13722@kroah.com> (raw)
In-Reply-To: <20040615153920.24928.qmail@web25105.mail.ukl.yahoo.com>
On Tue, Jun 15, 2004 at 04:39:20PM +0100, Shaun Colley wrote:
> Hi Greg,
>
> > Please let us know exactly what kernel version you
> > see this in. It
> > looks to me that it is fixed in the latest 2.4 and
> > 2.6 versions. If you
> > do not think so, please let us know.
>
> I was actually looking at a fairly old version of the
> source tree (2.4.19, 2.4.20) -- it appears that a
> quick fix fixed this vulnerability in 2.4.21:
>
> http://lxr.linux.no/diff/drivers/i2c/i2c-dev.c?diffval=2.4.21;diffvar=v
>
> If you scroll down a bit, you should see:
>
> ---
> if (rdwr_arg.nmsgs > 42)
> return -EINVAL;
> ---
>
> It looks like a quick sanity check was added in the
> 'I2C_RDWR' option, to fix the issue.
>
> I'm downloading the 2.4.21 patch to check if the
> fixing of this was recorded, or whether it was
> silently fixed (looks like it was).
>
> Confirmed. 2.4.21 fixed the bug:
What do you mean "silent"? I got fixed 15 months ago with the following
changeset:
http://linux.bkbits.net:8080/linux-2.4/diffs/drivers/i2c/i2c-dev.c@1.8
It was then fixed even better with the following change:
http://linux.bkbits.net:8080/linux-2.4/diffs/drivers/i2c/i2c-dev.c@1.9
almost a whole year ago.
> It's also fixed in all versions of 2.6...
>
> However, the vulnerbility seems to still be present in
> 2.5 -- latest version.
Heh, 2.5 development is dead, no one uses that kernel, just like no one
uses the most recent 2.3 kernel tree.
> So, to sum it up:
>
> - Not present in 2.2, because the driver wasn't
> implemented as fully as it is now.
> - Present in 2.4 versions 2.4.20 and below.
> - Present in 2.5
> - Not present in 2.6
Yes, this was a security issue a year ago, but has been fixed since
then. Vendors have released kernels that fix this issue for their 2.4
kernels. If not, I suggest you contact your vendor.
thanks again,
greg k-h
next prev parent reply other threads:[~2004-06-15 16:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-13 18:41 i2c device driver bugs Shaun Colley
2004-06-14 21:21 ` Greg KH
2004-06-15 15:39 ` Shaun Colley
2004-06-15 16:13 ` Greg KH [this message]
2004-06-15 16:33 ` Shaun Colley
[not found] ` <20040615163244.10651.qmail@web25103.mail.ukl.yahoo.com>
2004-06-15 16:36 ` Greg KH
2004-06-15 17:09 ` Shaun Colley
2004-06-17 23:56 ` Greg KH
-- strict thread matches above, loose matches on Subject: below --
2004-06-13 10:31 Shaun Colley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040615161307.GA13722@kroah.com \
--to=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=shaunige@yahoo.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox