Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / a2cb0eb8a64adb29a99fd864013de957028f36ae
commita2cb0eb8a64adb29a99fd864013de957028f36ae[log] [tgz]
authorDennis Dalessandro <dennis.dalessandro@intel.com>Thu Feb 20 11:02:53 2014 -0500
committerRoland Dreier <roland@purestorage.com>Mon Mar 17 16:16:51 2014 -0700
tree29398a975c31580c9c545df3e8081e566e49f46b
parent1c20c81909455f64f2df6107cb099ee5569d9f62 [diff]
IB/ipath: Fix potential buffer overrun in sending diag packet routine

Guard against a potential buffer overrun.  The size to read from the
user is passed in, and due to the padding that needs to be taken into
account, as well as the place holder for the ICRC it is possible to
overflow the 32bit value which would cause more data to be copied from
user space than is allocated in the buffer.

Cc: <stable@vger.kernel.org>
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
1 file changed
tree: 29398a975c31580c9c545df3e8081e566e49f46b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS