201320435d017e8ebd449034547ef0518ec4d056 - kernel/msm-4.9

commit	201320435d017e8ebd449034547ef0518ec4d056	[log] [tgz]
author	Xi Wang <xi.wang@gmail.com>	Tue Nov 29 21:53:46 2011 -0500
committer	Greg Kroah-Hartman <gregkh@suse.de>	Wed Nov 30 19:29:40 2011 +0900
tree	28d3e3eb643611d1ff8c240baf9f46d40d6a4693
parent	2a58b19fd97c7368c03c027419a2aeb26313adad [diff]

staging: vt6656: integer overflows in private_ioctl()

There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem.  The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

drivers/staging/vt6656/ioctl.c[diff]

1 file changed

tree: 28d3e3eb643611d1ff8c240baf9f46d40d6a4693