Re: [PATCH] hex2bin: fix access beyond string end

From: Andy Shevchenko
Date: Tue Apr 26 2022 - 06:43:58 EST

Next message: Mark Rutland: "Re: [PATCH 0/8] stackleak: fixes and rework"
Previous message: Greg KH: "Re: [PATCH v5 8/8] selftests: firmware: Add firmware upload selftests"
In reply to: Mikulas Patocka: "[PATCH] hex2bin: fix access beyond string end"
Next in thread: Mikulas Patocka: "[PATCH v2] hex2bin: fix access beyond string end"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Apr 24, 2022 at 10:48 PM Mikulas Patocka <mpatocka@xxxxxxxxxx> wrote:
>
> If we pass too short string to "hex2bin" (and the string size without the
> terminating NUL character is even), "hex2bin" reads one byte after the
> terminating NUL character. This patch fixes it.
>
> Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

You need to provide a Fixes tag.

...

> while (count--) {
> - int hi = hex_to_bin(*src++);
> - int lo = hex_to_bin(*src++);
> + int hi, lo;
>
> - if ((hi < 0) || (lo < 0))
> + hi = hex_to_bin(*src++);
> + if (hi < 0)
> + return -EINVAL;

return hi;

> + lo = hex_to_bin(*src++);
> + if (lo < 0)
> return -EINVAL;

return lo;

> *dst++ = (hi << 4) | lo;

And on top of that it would be nice to understand if we need to
support half-bytes, but in any case it's not a scope of the patch
right now.

--
With Best Regards,
Andy Shevchenko

Next message: Mark Rutland: "Re: [PATCH 0/8] stackleak: fixes and rework"
Previous message: Greg KH: "Re: [PATCH v5 8/8] selftests: firmware: Add firmware upload selftests"
In reply to: Mikulas Patocka: "[PATCH] hex2bin: fix access beyond string end"
Next in thread: Mikulas Patocka: "[PATCH v2] hex2bin: fix access beyond string end"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]