On Wed, 2016-11-05 at 00:57:32 UTC, Suraj Jitindar Singh wrote:
> The array crash_shutdown_handles is an array of size CRASH_HANDLER_MAX+1
> containing up to CRASH_HANDLER_MAX shutdown_handlers. It is assumed to
> be NULL terminated, which it is under normal circumstances. Array
> accesses in the functions crash_shutdown_unregister() and
> default_machine_crash_shutdown() rely on this NULL termination property
> when traversing this list and don't protect against out of bounds accesses.
> If the NULL terminator were somehow overwritten these functions could
> potentially access out of the bounds of the array.
>
> Shrink the array to size CRASH_HANDLER_MAX and implement explicit array
> bounds checking when accessing the elements of the
> crash_shutdown_handles[] array in crash_shutdown_unregister() and
> default_machine_crash_shutdown().
>
> Signed-off-by: Suraj Jitindar Singh <sjitindarsi...@gmail.com>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/1d1451655bad9a6a5fd7a42de6

cheers
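
The bounds-checked traversal that the commit message describes, as an added user-space example (not the applied kernel patch). The names crash_shutdown_handles, CRASH_HANDLER_MAX and crash_shutdown_unregister come from the message; crash_shutdown_register, run_crash_handlers, the sample handlers, the table size of 2 and all function bodies are assumptions made here.

```c
#include <stddef.h>

/* User-space model: names follow the commit message, bodies are assumptions. */
#define CRASH_HANDLER_MAX 2
typedef void (*crash_shutdown_t)(void);
/* Exactly CRASH_HANDLER_MAX slots, no extra slot kept for a NULL terminator. */
static crash_shutdown_t crash_shutdown_handles[CRASH_HANDLER_MAX];

static int calls;                 /* constructed sample handlers */
void h1(void) { calls += 1; }
void h2(void) { calls += 10; }
void h3(void) { calls += 100; }

/* Returns 0 on success, 1 if NULL, already registered, or the table is full. */
int crash_shutdown_register(crash_shutdown_t handler)
{
    size_t i;
    for (i = 0; handler && i < CRASH_HANDLER_MAX; i++) {
        if (crash_shutdown_handles[i] == handler)
            return 1;
        if (!crash_shutdown_handles[i]) {
            crash_shutdown_handles[i] = handler;
            return 0;
        }
    }
    return 1;
}

/* Returns 0 on success, 1 if the handler is not in the table. */
int crash_shutdown_unregister(crash_shutdown_t handler)
{
    size_t i;
    for (i = 0; i < CRASH_HANDLER_MAX; i++)   /* the index bound ends the search */
        if (handler && crash_shutdown_handles[i] == handler)
            break;
    if (i == CRASH_HANDLER_MAX)
        return 1;
    for (; i + 1 < CRASH_HANDLER_MAX; i++)    /* shift the tail, never read [MAX] */
        crash_shutdown_handles[i] = crash_shutdown_handles[i + 1];
    crash_shutdown_handles[CRASH_HANDLER_MAX - 1] = NULL;
    return 0;
}

/* Calls handlers in order until a NULL slot or the bound; returns the count. */
int run_crash_handlers(void)
{
    size_t i;
    for (i = 0; i < CRASH_HANDLER_MAX && crash_shutdown_handles[i]; i++)
        crash_shutdown_handles[i]();
    return (int)i;
}
```

With every slot occupied the table contains no NULL entry at all, so the `i < CRASH_HANDLER_MAX` condition is the only thing that stops each loop.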