From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-lf0-f66.google.com ([209.85.215.66]:36115 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752336AbdDCNQU (ORCPT ); Mon, 3 Apr 2017 09:16:20 -0400 Date: Mon, 3 Apr 2017 15:16:16 +0200 From: Johan Hovold To: Kalle Valo Cc: Johan Hovold , ath9k-devel , Daniel Drake , Ulrich Kunitz , "linux-wireless@vger.kernel.org" , "netdev@vger.kernel.org" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , Sujith Manoharan Subject: Re: [PATCH 1/2] wireless: ath9k_htc: fix NULL-deref at probe Message-ID: <20170403131616.GA3119@localhost> (sfid-20170403_151711_033740_4751ADBC) References: <20170313124421.28587-1-johan@kernel.org> <20170403084213.GE25742@localhost> <87shlpomvx.fsf@kamboji.qca.qualcomm.com> <87k271myos.fsf@kamboji.qca.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <87k271myos.fsf@kamboji.qca.qualcomm.com> Sender: linux-wireless-owner@vger.kernel.org List-ID: On Mon, Apr 03, 2017 at 01:02:28PM +0000, Kalle Valo wrote: > Kalle Valo writes: > > > Johan Hovold writes: > > > >> On Mon, Mar 13, 2017 at 01:44:20PM +0100, Johan Hovold wrote: > >>> Make sure to check the number of endpoints to avoid dereferencing a > >>> NULL-pointer or accessing memory beyond the endpoint array should a > >>> malicious device lack the expected endpoints. > >>> > >>> Fixes: 36bcce430657 ("ath9k_htc: Handle storage devices") > >>> Cc: Sujith Manoharan > >>> Signed-off-by: Johan Hovold > >> > >> Is this one still in your queue, Kalle? > > > > Yes, I'm just lacking behing: > > > > https://patchwork.kernel.org/patch/9620723/ > > Meant "lagging" of course. Mondays.. > > >> As I mentioned earlier, I should have added a > >> > >> Cc: stable # 2.6.39 > >> > >> but left it out as I mistakingly thought the net recommendations to do > >> so applied also to wireless. > > > > Ok, I'll add that. > > But is 2.6.39 really correct? Shouldn't it be 2.6.39+ so that it means > all versions since 2.6.39? Either way is fine, the stable maintainers apply them to all later versions. I notice now that adding a plus sign is more common, but it's still a 1:2 ratio judging from quick grep, while the stable-kernel-rules.rst actually uses a minus sign... Thanks, Johan From mboxrd@z Thu Jan 1 00:00:00 1970 From: Johan Hovold Subject: Re: [PATCH 1/2] wireless: ath9k_htc: fix NULL-deref at probe Date: Mon, 3 Apr 2017 15:16:16 +0200 Message-ID: <20170403131616.GA3119@localhost> References: <20170313124421.28587-1-johan@kernel.org> <20170403084213.GE25742@localhost> <87shlpomvx.fsf@kamboji.qca.qualcomm.com> <87k271myos.fsf@kamboji.qca.qualcomm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Johan Hovold , ath9k-devel , Daniel Drake , Ulrich Kunitz , "linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , Sujith Manoharan To: Kalle Valo Return-path: Content-Disposition: inline In-Reply-To: <87k271myos.fsf-HodKDYzPHsUD5k0oWYwrnHL1okKdlPRT@public.gmane.org> Sender: linux-usb-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: netdev.vger.kernel.org On Mon, Apr 03, 2017 at 01:02:28PM +0000, Kalle Valo wrote: > Kalle Valo writes: > > > Johan Hovold writes: > > > >> On Mon, Mar 13, 2017 at 01:44:20PM +0100, Johan Hovold wrote: > >>> Make sure to check the number of endpoints to avoid dereferencing a > >>> NULL-pointer or accessing memory beyond the endpoint array should a > >>> malicious device lack the expected endpoints. > >>> > >>> Fixes: 36bcce430657 ("ath9k_htc: Handle storage devices") > >>> Cc: Sujith Manoharan > >>> Signed-off-by: Johan Hovold > >> > >> Is this one still in your queue, Kalle? > > > > Yes, I'm just lacking behing: > > > > https://patchwork.kernel.org/patch/9620723/ > > Meant "lagging" of course. Mondays.. > > >> As I mentioned earlier, I should have added a > >> > >> Cc: stable # 2.6.39 > >> > >> but left it out as I mistakingly thought the net recommendations to do > >> so applied also to wireless. > > > > Ok, I'll add that. > > But is 2.6.39 really correct? Shouldn't it be 2.6.39+ so that it means > all versions since 2.6.39? Either way is fine, the stable maintainers apply them to all later versions. I notice now that adding a plus sign is more common, but it's still a 1:2 ratio judging from quick grep, while the stable-kernel-rules.rst actually uses a minus sign... Thanks, Johan -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html