Re: [CHECKER] Probable Security Errors in 2.4.12-ac3

From: Jens Axboe (axboe@suse.de)
Date: Tue Oct 23 2001 - 02:32:30 EST


On Sat, Oct 20 2001, Ken Ashcraft wrote:
> ---------------------------------------------------------
> [BUG] needs upper bound
> /home/kash/linux/2.4.12/drivers/cdrom/cdrom.c:2019:mmc_ioctl: ERROR:RANGE:2012:2019: [LOOP] Looping on user length "nr" set by 'copy_from_user':2018 [linkages -> 2018:nr=nframes -> 2012:ra:start] [distance=26]
> 		lba = ra.addr.lba;
> 	else
> 		return -EINVAL;
>
> 	/* FIXME: we need upper bound checking, too!! */
> Start --->
> 	if (lba < 0 || ra.nframes <= 0)
> 		return -EINVAL;
>
> 	/*
> 	 * start with will ra.nframes size, back down if alloc fails
> 	 */
> 	nr = ra.nframes;
> Error --->
> 	do {
> 		cgc.buffer = kmalloc(CD_FRAMESIZE_RAW * nr, GFP_KERNEL);
> 		if (cgc.buffer)
> 			break;

Here's a fix for that. Linus, please apply.

-- 
Jens Axboe
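
Added example (not the patch referred to above, which is not reproduced on this page, and not kernel code): a user-space C model of the check the report asks for, rejecting a user-supplied frame count above a cap before it reaches the allocation and the loop. Assumptions: MAX_NFRAMES and its value, the function names, 32-bit size arithmetic in unchecked_size32(), and halving as the back-off step are all choices made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CD_FRAMESIZE_RAW 2352  /* bytes per raw CD frame */
#define MAX_NFRAMES      75    /* ASSUMED cap, chosen for this example */

/* Model of the unchecked size with 32-bit arithmetic (assumption):
 * the product wraps modulo 2^32 for a large user-supplied count. */
static uint32_t unchecked_size32(int32_t nframes)
{
    return (uint32_t)CD_FRAMESIZE_RAW * (uint32_t)nframes;
}

/* Lower AND upper bound on the user-controlled values. */
static int check_read_audio_args(int lba, int nframes)
{
    if (lba < 0 || nframes <= 0 || nframes > MAX_NFRAMES)
        return -EINVAL;
    return 0;
}

/* Stand-in for the driver's allocate-and-back-off loop: start at the
 * validated count, halve on allocation failure (halving is assumed).
 * Returns the buffer and stores the frame count obtained in *got. */
static void *alloc_frames(int lba, int nframes, int *got)
{
    void *buf = NULL;

    if (check_read_audio_args(lba, nframes) != 0)
        return NULL;                 /* never reaches the allocator */
    for (int nr = nframes; nr > 0 && !buf; nr >>= 1) {
        buf = malloc((size_t)CD_FRAMESIZE_RAW * (size_t)nr);
        if (buf)
            *got = nr;
    }
    return buf;
}

int main(void)
{
    int got = 0;
    void *p = alloc_frames(0, 1826092, &got);  /* constructed oversized count */
    printf("wrapped size: %u bytes, accepted: %d\n",
           (unsigned)unchecked_size32(1826092), p != NULL);
    free(p);
    return 0;
}
```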

