From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751436AbdGRHAJ (ORCPT ); Tue, 18 Jul 2017 03:00:09 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:37074 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751026AbdGRHAH (ORCPT ); Tue, 18 Jul 2017 03:00:07 -0400 Date: Tue, 18 Jul 2017 09:00:01 +0200 From: Greg Kroah-Hartman To: Jacob von Chorus Cc: Insop Song , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, dan.carpenter@oracle.com Subject: Re: [PATCH v2 1/2] staging: gs_fpgaboot: add buffer overflow checks Message-ID: <20170718070001.GA5255@kroah.com> References: <20170718004726.17227-1-jacobvonchorus@cwphoto.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170718004726.17227-1-jacobvonchorus@cwphoto.ca> User-Agent: Mutt/1.8.3 (2017-05-23) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 17, 2017 at 08:47:25PM -0400, Jacob von Chorus wrote: > Four fields in struct fpgaimage are char arrays of length MAX_STR (256). > The amount of data read into these buffers is controlled by a length > field in the bitstream file read from userspace. If a corrupt or > malicious firmware file was supplied, kernel data beyond these buffers > can be overwritten arbitrarily. > > This patch adds a check of the bitstream's length value to ensure it > fits within the bounds of the allocated buffers. An error condition is > returned from gs_read_bitstream if any of the reads fail. > > Signed-off-by: Jacob von Chorus > --- > drivers/staging/gs_fpgaboot/gs_fpgaboot.c | 48 ++++++++++++++++++++++++------- > 1 file changed, 37 insertions(+), 11 deletions(-) What changed from v1? Always list that below the --- line. Please fix up and resend... thanks, greg k-h