Re: [PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver

From: Simon Arlott
Date: Tue Mar 06 2007 - 15:21:44 EST

Next message: Robert Peterson: "[PATCH 2.6.21-rc1] Extend print_symbol capability TRY #3"
Previous message: Eric Dumazet: "Re: [patch v2] epoll use a single inode ..."
In reply to: Marcel Holtmann: "[PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 06/03/07 21:12, Marcel Holtmann wrote:

Hi Linus,

the attached patch fixes a buffer overflow in the Omnikey CardMan 4040
driver that could lead to a potential arbitrary code execution with
kernel privileges.

Regards

Marcel

- if (count < 5) {
+ if ((count < 5) || (count > READ_WRITE_BUFFER_SIZE)) {
DEBUGP(2, dev, "<- cm4040_write buffersize=%Zd < 5\n", count);
return -EIO;
}

That debug message needs to be changed too since count won't always be < 5 when it's used.

--
Simon Arlott
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert Peterson: "[PATCH 2.6.21-rc1] Extend print_symbol capability TRY #3"
Previous message: Eric Dumazet: "Re: [patch v2] epoll use a single inode ..."
In reply to: Marcel Holtmann: "[PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]