Re: [PATCH] sdio: Read buffer overflow

From: Roel Kluin
Date: Fri Aug 07 2009 - 13:39:19 EST

Next message: Frans Pop: "Re: ath5k - strange regulatory domain change"
Previous message: Steven Rostedt: "[GIT PULL] ring-buffer: Fix memleak in ring_buffer_free()"
In reply to: David Vrabel: "Re: [PATCH] sdio: Read buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sdio: avoid buffer underrun when parsing an invalid CISTPL_VERS_1

Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
---
Thanks for comments,

diff --git a/drivers/mmc/core/sdio_cis.c b/drivers/mmc/core/sdio_cis.c
index 963f293..6636354 100644
--- a/drivers/mmc/core/sdio_cis.c
+++ b/drivers/mmc/core/sdio_cis.c
@@ -40,7 +40,7 @@ static int cistpl_vers_1(struct mmc_card *card, struct sdio_func *func,
nr_strings++;
}

- if (buf[i-1] != '\0') {
+ if (nr_strings < 4) {
printk(KERN_WARNING "SDIO: ignoring broken CISTPL_VERS_1\n");
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frans Pop: "Re: ath5k - strange regulatory domain change"
Previous message: Steven Rostedt: "[GIT PULL] ring-buffer: Fix memleak in ring_buffer_free()"
In reply to: David Vrabel: "Re: [PATCH] sdio: Read buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]