Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow
On Fri, May 29, 2015 at 05:20:52PM +0200, Jason A. Donenfeld wrote: > On Fri, May 29, 2015 at 2:41 PM, Dan Carpenter > wrote: > > Acked-by: Dan Carpenter > > Acked for the rest of the set too? Yes. Thanks. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow
On Fri, May 29, 2015 at 2:36 PM, Frans Klaver wrote: > > I would say that it is because part of the expression has been placed > inside parentheses: > > a - b + 1 == a - (b - 1) > > Guess it makes the decision logic slightly more readable. Yes, exactly this. It's so that the bounding check conditional prior looks identical to the actual subtraction, making it much easier to read and verify. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow
On Fri, May 29, 2015 at 2:41 PM, Dan Carpenter wrote: > Acked-by: Dan Carpenter Acked for the rest of the set too? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow
Oh. Duh. Of course. Acked-by: Dan Carpenter regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow
Hi, On Fri, May 29, 2015 at 2:00 PM, Dan Carpenter wrote: > On Fri, May 29, 2015 at 01:06:58PM +0200, Jason A. Donenfeld wrote: >> --- a/drivers/staging/ozwpan/ozusbsvc1.c >> +++ b/drivers/staging/ozwpan/ozusbsvc1.c >> @@ -390,10 +390,15 @@ void oz_usb_rx(struct oz_pd *pd, struct oz_elt *elt) >> case OZ_GET_DESC_RSP: { >> struct oz_get_desc_rsp *body = >> (struct oz_get_desc_rsp *)usb_hdr; >> - int data_len = elt->length - >> - sizeof(struct oz_get_desc_rsp) + 1; >> - u16 offs = le16_to_cpu(get_unaligned(&body->offset)); >> - u16 total_size = >> + u16 offs, total_size; >> + u8 data_len; >> + >> + if (elt->length < sizeof(struct oz_get_desc_rsp) - 1) >> + break; >> + data_len = elt->length - >> + (sizeof(struct oz_get_desc_rsp) - 1); > > Gar... I'm really sorry. I wanted to Ack these and be done but why did > the + 1 change to a - 1? And I had the same question about the other > patch as well. I would say that it is because part of the expression has been placed inside parentheses: a - b + 1 == a - (b - 1) Guess it makes the decision logic slightly more readable. Frans -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow
On Fri, May 29, 2015 at 01:06:58PM +0200, Jason A. Donenfeld wrote: > --- a/drivers/staging/ozwpan/ozusbsvc1.c > +++ b/drivers/staging/ozwpan/ozusbsvc1.c > @@ -390,10 +390,15 @@ void oz_usb_rx(struct oz_pd *pd, struct oz_elt *elt) > case OZ_GET_DESC_RSP: { > struct oz_get_desc_rsp *body = > (struct oz_get_desc_rsp *)usb_hdr; > - int data_len = elt->length - > - sizeof(struct oz_get_desc_rsp) + 1; > - u16 offs = le16_to_cpu(get_unaligned(&body->offset)); > - u16 total_size = > + u16 offs, total_size; > + u8 data_len; > + > + if (elt->length < sizeof(struct oz_get_desc_rsp) - 1) > + break; > + data_len = elt->length - > + (sizeof(struct oz_get_desc_rsp) - 1); Gar... I'm really sorry. I wanted to Ack these and be done but why did the + 1 change to a - 1? And I had the same question about the other patch as well. Sorry for the hassle and thanks for doing this work. regarsd, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/