From patchwork Thu Feb 28 09:42:26 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Uwe_Kleine-K=C3=B6nig?= X-Patchwork-Id: 223857 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:4978:20e::2]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id E4C262C034F for ; Thu, 28 Feb 2013 20:43:42 +1100 (EST) Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1UB00Z-00061w-2s; Thu, 28 Feb 2013 09:42:35 +0000 Received: from metis.ext.pengutronix.de ([2001:6f8:1178:4:290:27ff:fe1d:cc33]) by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1UB00W-00061M-VG for linux-mtd@lists.infradead.org; Thu, 28 Feb 2013 09:42:33 +0000 Received: from dude.hi.pengutronix.de ([2001:6f8:1178:2:21e:67ff:fe11:9c5c]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1UB00T-00068W-T0; Thu, 28 Feb 2013 10:42:29 +0100 Received: from ukl by dude.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1UB00T-00009e-RV; Thu, 28 Feb 2013 10:42:29 +0100 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= To: linux-mtd@lists.infradead.org, Artem Bityutskiy Subject: [PATCH] flash_otp_write: fix a buffer overflow on NAND with write size > 2048 Date: Thu, 28 Feb 2013 10:42:26 +0100 Message-Id: <1362044546-559-1-git-send-email-u.kleine-koenig@pengutronix.de> X-Mailer: git-send-email 1.7.10.4 MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:6f8:1178:2:21e:67ff:fe11:9c5c X-SA-Exim-Mail-From: ukl@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-mtd@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20130228_044233_171384_8FD46EAD X-CRM114-Status: GOOD ( 11.41 ) X-Spam-Score: -2.6 (--) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (-2.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] Cc: kernel@pengutronix.de X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org I'm not aware of any chip having a write size bigger than 2048 today. Still checking for that instead of a sleeping problem to bite us maybe in a few years is easy. Signed-off-by: Uwe Kleine-König --- flash_otp_write.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/flash_otp_write.c b/flash_otp_write.c index 0aa872e..5114e6b 100644 --- a/flash_otp_write.c +++ b/flash_otp_write.c @@ -82,6 +82,12 @@ int main(int argc,char *argv[]) else len = 256; + if (len > sizeof(buf)) { + printf("huh, writesize (%d) bigger than buffer (%zu)\n", + len, sizeof(buf)); + return ENOMEM; + } + wrote = 0; while ((size = xread(0, buf, len))) { if (size < 0) {