Re: [PATCH] a100u2w: Added sanitization for pointer dereference using a value from hardware. Detected using Carburizer (http://lwn.net/Articles/479653/)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> It's probably really not worth it.  The u100w2 is a pretty old SCSI
> driver.  I can't imagine there's more than a handful of them left.  As I
> said, there's no evidence of a problem.

I would argue that having hardened code is always better if you plan to
support this code at all. And these bugs manifest  more frequently as hardware 
gets older. Sanitizing inputs from hardware is a good idea and this one is 
particularly insidious since it uses it uses hardware values in pointer operations.

-Asim--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux