Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 04ded1672402577cd3f390c764f3046cc704a42a
commit04ded1672402577cd3f390c764f3046cc704a42a[log] [tgz]
authorSean Hefty <sean.hefty@intel.com>Tue Dec 06 21:17:11 2011 +0000
committerRoland Dreier <roland@purestorage.com>Mon Dec 19 09:15:33 2011 -0800
treeb87db81163685e91584ef4088009d2d107b447b6
parent5611cc4572e889b62a7b4c72a413536bf6a9c416 [diff]
RDMA/cma: Verify private data length

private_data_len is defined as a u8.  If the user specifies a large
private_data size (> 220 bytes), we will calculate a total length that
exceeds 255, resulting in private_data_len wrapping back to 0.  This
can lead to overwriting random kernel memory.  Avoid this by verifying
that the resulting size fits into a u8.

Reported-by: B. Thery <benjamin.thery@bull.net>
Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
1 file changed
tree: b87db81163685e91584ef4088009d2d107b447b6
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS