[mvebu] bus: moxtet: fix potential stack buffer overflow

Message ID	20200215142130.22743-1-marek.behun@nic.cz (mailing list archive)
State	Mainlined
Commit	3bf3c9744694803bd2d6f0ee70a6369b980530fd
Headers	show Return-Path: <SRS0=XATX=4D=linux.kernel.org=bounce+26986+1391+1554929+3438807@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2683B2086A DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D87622086A From: =?utf-8?q?Marek_Beh=C3=BAn?= <marek.behun@nic.cz> To: Linuxkernel+Patchwork-Soc via Email Integration <patchwork-soc@linux.kernel.org> Cc: arm@kernel.org, soc@kernel.org, =?utf-8?q?Marek_Beh=C3=BAn?= <marek.behun@nic.cz>, sohu0106 <sohu0106@126.com> Subject: [PATCH mvebu] bus: moxtet: fix potential stack buffer overflow Date: Sat, 15 Feb 2020 15:21:30 +0100 Message-Id: <20200215142130.22743-1-marek.behun@nic.cz> MIME-Version: 1.0 Precedence: Bulk Sender: patchwork-soc@linux.kernel.org Mailing-List: list patchwork-soc@linux.kernel.org; contact patchwork-soc+owner@linux.kernel.org Reply-To: patchwork-soc+owner@linux.kernel.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Series	[mvebu] bus: moxtet: fix potential stack buffer overflow \| expand [mvebu] bus: moxtet: fix potential stack buffer overflow

Message ID

20200215142130.22743-1-marek.behun@nic.cz (mailing list archive)

State

Mainlined

Commit

3bf3c9744694803bd2d6f0ee70a6369b980530fd

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2683B2086A
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D87622086A
From: =?utf-8?q?Marek_Beh=C3=BAn?= <marek.behun@nic.cz>
To: Linuxkernel+Patchwork-Soc via Email Integration
 <patchwork-soc@linux.kernel.org>
Cc: arm@kernel.org, soc@kernel.org,
 =?utf-8?q?Marek_Beh=C3=BAn?= <marek.behun@nic.cz>,
 sohu0106 <sohu0106@126.com>
Subject: [PATCH mvebu] bus: moxtet: fix potential stack buffer overflow
Date: Sat, 15 Feb 2020 15:21:30 +0100
Message-Id: <20200215142130.22743-1-marek.behun@nic.cz>
MIME-Version: 1.0
Precedence: Bulk
Sender: patchwork-soc@linux.kernel.org
Mailing-List: list patchwork-soc@linux.kernel.org;
 contact patchwork-soc+owner@linux.kernel.org
Reply-To: patchwork-soc+owner@linux.kernel.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Series

[mvebu] bus: moxtet: fix potential stack buffer overflow | expand

Commit Message

Marek Behún Feb. 15, 2020, 2:21 p.m. UTC

The input_read function declares the size of the hex array relative to
sizeof(buf), but buf is a pointer argument of the function. The hex
array is meant to contain hexadecimal representation of the bin array.

Fixes: 5bc7f990cd98 ("bus: Add support for Moxtet bus")
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reported-by: sohu0106 <sohu0106@126.com>
---
 drivers/bus/moxtet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

patchwork-bot+linux-soc@kernel.org Feb. 15, 2020, 6:42 p.m. UTC | #1

Hello:

This patch was applied to soc/soc.git (refs/heads/for-next).

On Sat, 15 Feb 2020 15:21:30 +0100 you wrote:
> The input_read function declares the size of the hex array relative to
> sizeof(buf), but buf is a pointer argument of the function. The hex
> array is meant to contain hexadecimal representation of the bin array.
> 
> Fixes: 5bc7f990cd98 ("bus: Add support for Moxtet bus")
> Signed-off-by: Marek Behún <marek.behun@nic.cz>
> Reported-by: sohu0106 <sohu0106@126.com>
> 
> [...]


Here is a summary with links:
  - [mvebu] bus: moxtet: fix potential stack buffer overflow
    https://git.kernel.org/soc/soc/c/51a9ebd6be97672b363f98775d4ccbcea05e3db4

You are awesome, thank you!

patchwork-bot+linux-soc@kernel.org Feb. 15, 2020, 6:42 p.m. UTC | #2

Hello:

The following patches were marked "accepted", because they were applied to
soc/soc.git (refs/heads/for-next):

Patch: [mvebu] bus: moxtet: fix potential stack buffer overflow
  Submitter: Marek Behún <marek.behun@nic.cz>
  Patchwork: https://patchwork.kernel.org/project/linux-soc/list/?series=242015

Total patches: 1

Gregory CLEMENT March 8, 2020, 11:34 a.m. UTC | #3

Hi Marek,

> The input_read function declares the size of the hex array relative to
> sizeof(buf), but buf is a pointer argument of the function. The hex
> array is meant to contain hexadecimal representation of the bin array.
>
> Fixes: 5bc7f990cd98 ("bus: Add support for Moxtet bus")
> Signed-off-by: Marek Behún <marek.behun@nic.cz>
> Reported-by: sohu0106 <sohu0106@126.com>

Applied on mvebu/fixes

Thanks,

Gregory

> ---
>  drivers/bus/moxtet.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bus/moxtet.c b/drivers/bus/moxtet.c
> index 15fa293819a0..b20fdcbd035b 100644
> --- a/drivers/bus/moxtet.c
> +++ b/drivers/bus/moxtet.c
> @@ -465,7 +465,7 @@ static ssize_t input_read(struct file *file, char __user *buf, size_t len,
>  {
>  	struct moxtet *moxtet = file->private_data;
>  	u8 bin[TURRIS_MOX_MAX_MODULES];
> -	u8 hex[sizeof(buf) * 2 + 1];
> +	u8 hex[sizeof(bin) * 2 + 1];
>  	int ret, n;
>  
>  	ret = moxtet_spi_read(moxtet, bin);
> -- 
> 2.24.1
>

diff --git a/drivers/bus/moxtet.c b/drivers/bus/moxtet.c
index 15fa293819a0..b20fdcbd035b 100644
--- a/drivers/bus/moxtet.c
+++ b/drivers/bus/moxtet.c
@@ -465,7 +465,7 @@  static ssize_t input_read(struct file *file, char __user *buf, size_t len,
 {
 	struct moxtet *moxtet = file->private_data;
 	u8 bin[TURRIS_MOX_MAX_MODULES];
-	u8 hex[sizeof(buf) * 2 + 1];
+	u8 hex[sizeof(bin) * 2 + 1];
 	int ret, n;
 
 	ret = moxtet_spi_read(moxtet, bin);