Re: zorro8390: Fix read buffer overflow in zorro8390_init_one()

From: Geert Uytterhoeven
Date: Thu Aug 20 2009 - 07:53:57 EST


On Tue, Aug 18, 2009 at 23:59, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx> wrote:
> Gitweb:     http://git.kernel.org/linus/be12159b24c532b4b48bdec5a543336438faa132
> Commit:     be12159b24c532b4b48bdec5a543336438faa132
> Parent:     5e33b719c8fcccfedc1d25167826a0f93fe6c5a1
> Author:     roel kluin <roel.kluin@xxxxxxxxx>
> AuthorDate: Sun Aug 9 04:00:25 2009 +0000
> Committer:  David S. Miller <davem@xxxxxxxxxxxxx>
> CommitDate: Sun Aug 9 21:46:53 2009 -0700
>
>     zorro8390: Fix read buffer overflow in zorro8390_init_one()
>
>     Prevent read from cards[-1] when no card was found.
>
>     Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
>     Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
> ---
>  drivers/net/zorro8390.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/net/zorro8390.c b/drivers/net/zorro8390.c
> index 37c84e3..81c753a 100644
> --- a/drivers/net/zorro8390.c
> +++ b/drivers/net/zorro8390.c
> @@ -120,6 +120,9 @@ static int __devinit zorro8390_init_one(struct zorro_dev *z,
> Â Â for (i = ARRAY_SIZE(cards)-1; i >= 0; i--)
> Â Â Â Âif (z->id == cards[i].id)
> Â Â Â Â Â Âbreak;
> + Â Âif (i < 0)
> + Â Â Â Âreturn -ENODEV;
> +
> Â Â board = z->resource.start;
> Â Â ioaddr = board+cards[i].offset;
> Â Â dev = alloc_ei_netdev();
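
Review bot: the added `if (i < 0)` test after the loop is only reachable if `i` is a signed type, and its declaration is outside this hunk; with an unsigned `i` the loop condition `i >= 0` is always true and the new check is dead code. Counting upward with `for (i = 0; i < ARRAY_SIZE(cards); i++)` and testing `i == ARRAY_SIZE(cards)` would make the not-found case explicit regardless of signedness. The commit message also does not say whether the function can be reached with a `z->id` that is absent from `cards[]`, so a short comment on the new check (or a sentence in the changelog) stating when it fires would help readers judge whether this is a real out-of-bounds read or a defensive guard. The placement before `alloc_ei_netdev()` is right, since nothing has been allocated yet and the early `return -ENODEV` needs no cleanup.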

That case can never happen, as zorro8390_init_one() won't be called
without a matching ID.

But probably the information in struct card_info should be stored in
zorro8390_zorro_tbl[].driver_data, so we can remove cards[] and the lookup.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds