DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:cc:subject
         :references:in-reply-to:content-type:content-transfer-encoding;
        b=S+ScV0jjO/yU5A4zbbCdXSRXSo5BFL8wgH8VV4nn4hXkk2ZJg4rEEQ9/9hRxtZopgC
         vDwjmVp+aO0WmP85MS7ipU0QGuJR7alSI83F5Hc0l06O3b6smyujQquHgpk4dwHK7hHb
         3FChw+VBMQCYsO88J8W7gOUXP0LSQmKLU9Ai8=
Message-ID: <4A2B80F9.9070103@gmail.com>
Date: Sun, 07 Jun 2009 10:57:29 +0200
From: Jiri Slaby <jirislaby@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1pre) Gecko/20090528 SUSE/3.0b2-11.1 Thunderbird/3.0b3pre
MIME-Version: 1.0
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
CC: linux-kernel@vger.kernel.org, jeffrey.mitchell@gmail.com
Subject: Re: [PATCH] dmi: sanity check BIOS tables
References: <20090606230137.17029.51286.stgit@t61.ukuu.org.uk>
In-Reply-To: <20090606230137.17029.51286.stgit@t61.ukuu.org.uk>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 591
Lines: 18

On 06/07/2009 01:01 AM, Alan Cox wrote:
> @@ -260,6 +276,11 @@ static void __init dmi_save_ipmi_device(const struct dmi_header *dm)
>  	struct dmi_device *dev;
>  	void * data;
>  
> +	if (((u8 *)dm) + dm->length > dmi_end) {

I think this should be >= too.

> +		printk(KERN_ERR "dmi_save_ipmi_device: table overrun.\n");
> +		return;
> +	}
> +
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/