Re: i2c device driver bugs

From: Greg KH
Date: Tue Jun 15 2004 - 11:15:57 EST

Next message: Ivan Kokshaysky: "Re: Compile problems on alpha: 2.6.6, 2.6.7-rc2"
Previous message: William Lee Irwin III: "Re: Compile problems on alpha: 2.6.6, 2.6.7-rc2"
In reply to: Shaun Colley: "Re: i2c device driver bugs"
Next in thread: Shaun Colley: "Re: i2c device driver bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 15, 2004 at 04:39:20PM +0100, Shaun Colley wrote:
> Hi Greg,
>
> > Please let us know exactly what kernel version you
> > see this in. It
> > looks to me that it is fixed in the latest 2.4 and
> > 2.6 versions. If you
> > do not think so, please let us know.
>
> I was actually looking at a fairly old version of the
> source tree (2.4.19, 2.4.20) -- it appears that a
> quick fix fixed this vulnerability in 2.4.21:
>
> http://lxr.linux.no/diff/drivers/i2c/i2c-dev.c?diffval=2.4.21;diffvar=v
>
> If you scroll down a bit, you should see:
>
> ---
> if (rdwr_arg.nmsgs > 42)
> return -EINVAL;
> ---
>
> It looks like a quick sanity check was added in the
> 'I2C_RDWR' option, to fix the issue.
>
> I'm downloading the 2.4.21 patch to check if the
> fixing of this was recorded, or whether it was
> silently fixed (looks like it was).
>
> Confirmed. 2.4.21 fixed the bug:

What do you mean "silent"? I got fixed 15 months ago with the following
changeset:
http://linux.bkbits.net:8080/linux-2.4/diffs/drivers/i2c/i2c-dev.c@xxx

It was then fixed even better with the following change:
http://linux.bkbits.net:8080/linux-2.4/diffs/drivers/i2c/i2c-dev.c@xxx
almost a whole year ago.

> It's also fixed in all versions of 2.6...
>
> However, the vulnerbility seems to still be present in
> 2.5 -- latest version.

Heh, 2.5 development is dead, no one uses that kernel, just like no one
uses the most recent 2.3 kernel tree.

> So, to sum it up:
>
> - Not present in 2.2, because the driver wasn't
> implemented as fully as it is now.
> - Present in 2.4 versions 2.4.20 and below.
> - Present in 2.5
> - Not present in 2.6

Yes, this was a security issue a year ago, but has been fixed since
then. Vendors have released kernels that fix this issue for their 2.4
kernels. If not, I suggest you contact your vendor.

thanks again,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ivan Kokshaysky: "Re: Compile problems on alpha: 2.6.6, 2.6.7-rc2"
Previous message: William Lee Irwin III: "Re: Compile problems on alpha: 2.6.6, 2.6.7-rc2"
In reply to: Shaun Colley: "Re: i2c device driver bugs"
Next in thread: Shaun Colley: "Re: i2c device driver bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]