Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()

From: Dan Carpenter
Date: Sun Nov 27 2011 - 06:25:56 EST

Next message: Mark Brown: "Re: [PATCH] regulator: export of_get_regulator_init_data"
Previous message: Mark Brown: "Re: [PATCH] power_supply: convert drivers/power/* to usemodule_platform_driver()"
In reply to: Greg KH: "Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()"
Next in thread: Greg KH: "Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Nov 26, 2011 at 06:52:52PM -0800, Greg KH wrote:
> On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote:
> > There is a potential integer overflow in do_insnlist_ioctl() if
> > userspace passes in a large insnlist.n_insns. The call to kmalloc()
> > would allocate a small buffer, leading to a memory corruption.
> >
> > The bug was reported by Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > and Haogang Chen <haogangchen@xxxxxxxxx>. The patch was suggested by
> > Ian Abbott <abbotti@xxxxxxxxx> and Lars-Peter Clausen <lars@xxxxxxxxxx>.
> >
> > Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
>
> Hm, I already applied Dan's previous patch, what should I do with this
> one now? Revert Dan's and apply this one, or apply both of them, or
> something else?

Sorry for that, I should have replied to my patch when I learned that
it had a problem.

Please, revert mine and apply Xi Wang's.

regards,
dan carpenter

Attachment: signature.asc
Description: Digital signature

Next message: Mark Brown: "Re: [PATCH] regulator: export of_get_regulator_init_data"
Previous message: Mark Brown: "Re: [PATCH] power_supply: convert drivers/power/* to usemodule_platform_driver()"
In reply to: Greg KH: "Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()"
Next in thread: Greg KH: "Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]