Date: Wed, 10 Dec 2008 15:39:23 +0800 From: "Eugene Teo" <eugeneteo@...nel.sg> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Steve, here's another one that needs a CVE name. Thanks! http://bugzilla.kernel.org/show_bug.cgi?id=11399 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c2500f --- [WATCHDOG] ib700wdt.c - fix buffer_underflow bug This fixes Bug 11399: if ibwdt_set_heartbeat(int t) is called with value 30 then the check "if ((t < 0) || (t > 30))" in ibwdt_set_heartbeat is not going to fail because t == 30, but in the loop, the check wd_times[i] > t is never going to be true because none of the wd_times are greater than the value of t (i.e. 30). So we are exiting the loop with i == -1 and therefore setting wd_margin to -1 which is wrong. Reported-by: Zvonimir Rakamaric <zrakamar@...ubc.ca> Signed-off-by: Wim Van Sebroeck <wim@...ana.be>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.