Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-11 00:08:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-next/drivers/platform
History
Dan Carpenter 096cdc6f52 platform/chrome: cros_ec_dev - double fetch bug in ioctl 
We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure
that those values have not changed between the two copy_from_user()
calls.  Otherwise it could lead to a buffer overflow.

Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value.
We should use the new smaller value so we don't copy too much data to
the user.

Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Fixes: a841178445bb ('mfd: cros_ec: Use a zero-length array for command data')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Gwendal Grignou <gwendal@chromium.org>
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Olof Johansson <olof@lixom.net>
2016-07-05 14:01:52 -07:00
..
chrome
platform/chrome: cros_ec_dev - double fetch bug in ioctl
2016-07-05 14:01:52 -07:00
goldfish
Convert straggling drivers to new six-argument get_user_pages()
2016-04-02 18:35:05 -05:00
mips
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2016-05-19 10:02:26 -07:00
olpc
OLPC: Use %*ph specifier instead of passing direct values
2015-10-06 23:22:08 +01:00
x86
platform/x86: Drop duplicate dependencies on X86
2016-06-08 13:21:37 -07:00
Kconfig
goldfish: refactor goldfish platform configs
2016-01-28 23:34:36 -08:00
Makefile
MIPS: Loongson-3: Add CPU Hwmon platform driver
2015-04-01 17:22:17 +02:00