Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 09b661b33268698d3b453dceb78cda129ad899b4
commit09b661b33268698d3b453dceb78cda129ad899b4[log] [tgz]
authorLuciano Coelho <coelho@ti.com>Fri Apr 01 19:42:02 2011 +0300
committerJohn W. Linville <linville@tuxdriver.com>Mon Apr 04 15:22:12 2011 -0400
treee5e1760d61f665bfb3216ef6de7c3a9c6b26d80c
parent023535732f4db01af4921f20f058bc4561d9add7 [diff]
wl12xx: fix potential buffer overflow in testmode nvs push

We were allocating the size of the NVS file struct and not checking
whether the length of the buffer passed was correct before copying it
into the allocated memory.  This is a security hole because buffer
overflows can occur if the userspace passes a bigger file than what is
expected.

With this patch, we check if the size of the data passed from
userspace matches the size required.

This bug was introduced in 2.6.36.

Cc: stable@kernel.org
Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
1 file changed
tree: e5e1760d61f665bfb3216ef6de7c3a9c6b26d80c
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS