Message-ID: <28fa9c5e0812092339j4f3b01d5g8a3cf5c38cdabd48@mail.gmail.com>
Date: Wed, 10 Dec 2008 15:39:23 +0800
From: "Eugene Teo" <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug

Steve, here's another one that needs a CVE name. Thanks!

http://bugzilla.kernel.org/show_bug.cgi?id=11399
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c2500f

---
[WATCHDOG] ib700wdt.c - fix buffer_underflow bug

This fixes Bug 11399:
if ibwdt_set_heartbeat(int t) is called with value 30 then the check
"if ((t < 0) || (t > 30))" in ibwdt_set_heartbeat is not going to fail
because t == 30, but in the loop, the check wd_times[i] > t is never going
to be true because none of the wd_times are greater than the value of t
(i.e. 30). So we are exiting the loop with i == -1 and therefore setting
wd_margin to -1 which is wrong.

Reported-by: Zvonimir Rakamaric <zrakamar@...ubc.ca>
Signed-off-by: Wim Van Sebroeck <wim@...ana.be>
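The boundary case described in the commit message above, as an added example that is not part of the original message or the kernel source. The `wd_times` contents, the helper names `margin_buggy` and `margin_checked`, the `ERR_RANGE` stand-in for the error return, and the `>=` comparison in the checked variant are assumptions made for illustration; only the range check, the `wd_times[i] > t` comparison and the maximum value of 30 come from the message.

```c
#include <stdio.h>

#define ERR_RANGE (-2)  /* hypothetical stand-in for the driver's error return */

/* Constructed table: 16 timeouts whose largest value is 30, as the message implies. */
static const int wd_times[16] = {
    30, 28, 26, 24, 22, 20, 18, 16, 14, 12, 10, 8, 6, 4, 2, 0
};

/* Lookup as the commit message describes it: strict '>' comparison. */
static int margin_buggy(int t)
{
    int i;

    if ((t < 0) || (t > 30))
        return ERR_RANGE;
    for (i = 0x0F; i > -1; i--)
        if (wd_times[i] > t)
            break;
    return i;   /* -1 when no entry exceeds t, which happens for t == 30 */
}

/* Checked variant (assumption): '>=' lets t == 30 match wd_times[0]. */
static int margin_checked(int t)
{
    int i;

    if ((t < 0) || (t > 30))
        return ERR_RANGE;
    for (i = 0x0F; i > -1; i--)
        if (wd_times[i] >= t)
            break;
    return i;   /* stays in 0..15 for every t that passes the range check */
}

int main(void)
{
    int t;

    /* Walk the values around the upper bound to show where the two differ. */
    for (t = 28; t <= 31; t++)
        printf("t=%d buggy=%d checked=%d\n",
               t, margin_buggy(t), margin_checked(t));
    return 0;
}
```
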