]> git.baikalelectronics.ru Git - kernel.git/commit
staging: vt6656: integer overflows in private_ioctl()
authorXi Wang <xi.wang@gmail.com>
Wed, 30 Nov 2011 02:53:46 +0000 (21:53 -0500)
committerGreg Kroah-Hartman <gregkh@suse.de>
Wed, 30 Nov 2011 10:29:40 +0000 (19:29 +0900)
commit2cabab977a2e7a22a6064f63e576a347a69f14ed
tree28d3e3eb643611d1ff8c240baf9f46d40d6a4693
parent788accca87c5ff85fa172363c45a92a0cdf25929
staging: vt6656: integer overflows in private_ioctl()

There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem.  The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/staging/vt6656/ioctl.c