From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <511D0BB1.9060209@rsi-elektrotechnik.de>
Date: Thu, 14 Feb 2013 17:07:13 +0100
From: Josef Holzmayr
References: <1359977168-20083-1-git-send-email-holzmayr@rsi-elektrotechnik.de> <20130207180759.GC6194@pengutronix.de>
In-Reply-To: <20130207180759.GC6194@pengutronix.de>
Subject: Re: [ptxdist] [PATCH] libmodbus: fix remote buffer overflow vulnerabulity
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List
To: ptxdist@pengutronix.de

Hi Michael,

On 07.02.2013 19:07, Michael Olbrich wrote:
>> +Add checks so modbus_reply returns a
>> +MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS if the count of requested
>> +registers exceeds the spec as noted in modbus.h, line 73ff.
>
> Can you add your s-o-b here? This looks like it is something for upstream.
> Is there some bug report or something that you can reference here, so we
> know what to do with this when the next update happens?

You mean to s-o-b the patch itself? Sure, why not.
A real bug report doesn't exist, just some bits and pieces:
- Debian was not too concerned due to low count in popcon. We later
  pushed the patch into the package, though.
- An earlier version of the patch was sent to the original maintainer
  (as a GitHub pull request); he is a bit unresponsive, though.

I guess the best will be to re-try and send it to upstream. Shall I keep
you in the loop then?

Greetz
-- 
Josef Holzmayr
Dipl-Ing. (FH)
Development, Embedded Devices / Software
R-S-I Elektrotechnik GmbH & Co. KG
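
Review bot: In the quoted patch description, the pointer "modbus.h, line 73ff" is a line-number reference that stops matching as soon as the header changes upstream; state the limit itself, or name the definitions in modbus.h that encode it, so the text still makes sense at the next libmodbus update. The description also says only "Add checks" without saying which requests handled by modbus_reply are covered, so a reader cannot tell from it whether every register-count path now returns MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS.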