[PATCH] sdio: Read buffer overflow

From: Roel Kluin
Date: Fri Aug 07 2009 - 11:11:47 EST

Next message: Steven Rostedt: "Re: [PATCH] ring-buffer: Fix memleak in ring_buffer_free()"
Previous message: Borislav Petkov: "Re: [PATCH] amd64_edac: Rewrite unganged mode code off10_early_channel_count"
Next in thread: David Vrabel: "Re: [PATCH] sdio: Read buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If the loop breaks with an index of 0, then we read before the array.

Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
---
diff --git a/drivers/mmc/core/sdio_cis.c b/drivers/mmc/core/sdio_cis.c
index 963f293..0f8853c 100644
--- a/drivers/mmc/core/sdio_cis.c
+++ b/drivers/mmc/core/sdio_cis.c
@@ -40,7 +40,7 @@ static int cistpl_vers_1(struct mmc_card *card, struct sdio_func *func,
nr_strings++;
}

- if (buf[i-1] != '\0') {
+ if (i != 0 && buf[i-1] != '\0') {
printk(KERN_WARNING "SDIO: ignoring broken CISTPL_VERS_1\n");
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Rostedt: "Re: [PATCH] ring-buffer: Fix memleak in ring_buffer_free()"
Previous message: Borislav Petkov: "Re: [PATCH] amd64_edac: Rewrite unganged mode code off10_early_channel_count"
Next in thread: David Vrabel: "Re: [PATCH] sdio: Read buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]