From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751374AbdGQMZs (ORCPT ); Mon, 17 Jul 2017 08:25:48 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:45648 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751304AbdGQMZr (ORCPT ); Mon, 17 Jul 2017 08:25:47 -0400 Date: Mon, 17 Jul 2017 14:25:41 +0200 From: Greg Kroah-Hartman To: Jacob von Chorus Cc: Insop Song , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] staging: gs_fpgaboot: add buffer overflow checks Message-ID: <20170717122541.GA24503@kroah.com> References: <20170717003841.6317-1-jacobvonchorus@cwphoto.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170717003841.6317-1-jacobvonchorus@cwphoto.ca> User-Agent: Mutt/1.8.3 (2017-05-23) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 16, 2017 at 08:38:41PM -0400, Jacob von Chorus wrote: > Four fields in struct fpgaimage are char arrays of length MAX_STR (256). > The amount of data read into these buffers is controlled by a length > field in the bitstream file read from userspace. If a corrupt or > malicious firmware file was supplied, kernel data beyond these buffers > can be overwritten arbitrarily. > > This patch adds a check of the bitstream's length value to ensure it > fits within the bounds of the allocated buffers. An error condition is > returned from gs_read_bitstream if any of the reads fail. > > This patch also fixes a checkpatch.pl CHECK in io.c by removing the FSF > address paragraph. Whenever you have a "also" in a patch changelog, that's a huge flag that this should be a separate patch. As is the case here, fixing the FSF address has nothing to do with the buffer overflow checks. Please break this up into two different patches. thanks, greg k-h