Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
commit7bc2b55a5c030685b399bb65b6baa9ccc3d1f167[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Thu Sep 15 16:44:56 2016 +0300
committerMartin K. Petersen <martin.petersen@oracle.com>Thu Sep 15 09:58:25 2016 -0400
treee075d49871cb515e0d967fb11c39440309ae8d8e
parent38247feb60512a52c4f847933f8f931284dc21f4 [diff]
scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()

We need to put an upper bound on "user_len" so the memcpy() doesn't
overflow.

Cc: <stable@vger.kernel.org>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
1 file changed
tree: e075d49871cb515e0d967fb11c39440309ae8d8e
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS