tech-kern archive
Re: Brainy: bug in x86/cpu_ucode_intel.c
One more thing I noticed while reading the code - and from what I can tell
it has been like this forever - there's no input validation at all.
The code uses pointer+48 - but nothing has checked that there are
(more than, or even) 48 bytes ... or for that matter, that the uh->
header is even there (the firmware load routines will have just returned
whatever was in the file).
I guess the assumption is that this is a root only facility (I hope!) and
root won't give it a file to load that isn't the correct file, but it
still seems wrong to do no validity checking at all.
kre
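
Added example (not part of the message above and not NetBSD's code): one way to bounds-check a firmware blob before using pointer+48, assuming the 48-byte microcode update header layout documented in the Intel SDM. The struct, field and function names are this example's own, and the extended signature table is not parsed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define UCODE_HDR_LEN 48u   /* the "pointer+48" offset from the post */

/* Header layout per the Intel SDM; names are hypothetical, chosen for this example. */
struct ucode_hdr {
    uint32_t hdr_version, revision, date, signature;
    uint32_t checksum, loader_rev, proc_flags;
    uint32_t data_size, total_size, reserved[3];
};

/* Validate an untrusted blob before touching blob+48.
 * Returns 0 and sets *data / *data_len on success, -1 otherwise. */
int ucode_validate(const uint8_t *blob, size_t len,
                   const uint8_t **data, size_t *data_len)
{
    struct ucode_hdr h;
    uint32_t dsz, tsz, sum = 0, w;
    size_t i;

    if (blob == NULL || len < UCODE_HDR_LEN)
        return -1;                       /* header is not even there */
    memcpy(&h, blob, sizeof(h));         /* copy out: no unaligned reads */
    if (h.hdr_version != 1)
        return -1;

    /* SDM: data_size == 0 means 2000 data bytes, 2048 bytes in total. */
    dsz = h.data_size ? h.data_size : 2000;
    tsz = h.data_size ? h.total_size : 2048;
    if (dsz % 4 != 0 || tsz % 4 != 0)
        return -1;                       /* sizes are counted in dwords */
    if (tsz > len)
        return -1;                       /* file shorter than it claims */
    if (tsz < UCODE_HDR_LEN || dsz > tsz - UCODE_HDR_LEN)
        return -1;                       /* data would run past the update */

    /* SDM: all dwords of the update must sum to zero. */
    for (i = 0; i < tsz; i += 4) {
        memcpy(&w, blob + i, 4);
        sum += w;
    }
    if (sum != 0)
        return -1;
    *data = blob + UCODE_HDR_LEN;        /* only now is +48 known to be in bounds */
    *data_len = dsz;
    return 0;
}
```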