Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-04 04:06:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
deb2eaa1b2
linux-stable/drivers
History
Dan Carpenter deb2eaa1b2 isdnloop: several buffer overflows 
[ Upstream commit 7563487cbf ]

There are three buffer overflows addressed in this patch.

1) In isdnloop_fake_err() we add an 'E' to a 60 character string and
then copy it into a 60 character buffer.  I have made the destination
buffer 64 characters and I'm changed the sprintf() to a snprintf().

2) In isdnloop_parse_cmd(), p points to a 6 characters into a 60
character buffer so we have 54 characters.  The ->eazlist[] is 11
characters long.  I have modified the code to return if the source
buffer is too long.

3) In isdnloop_command() the cbuf[] array was 60 characters long but the
max length of the string then can be up to 79 characters.  I made the
cbuf array 80 characters long and changed the sprintf() to snprintf().
I also removed the temporary "dial" buffer and changed it to use "p"
directly.

Unfortunately, we pass the "cbuf" string from isdnloop_command() to
isdnloop_writecmd() which truncates anything over 60 characters to make
it fit in card->omsg[].  (It can accept values up to 255 characters so
long as there is a '\n' character every 60 characters).  For now I have
just fixed the memory corruption bug and left the other problems in this
driver alone.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-04-14 06:47:22 -07:00
..
accessibility
acpi ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states 2014-03-23 21:44:12 -07:00
amba
ata libata: use wider match for blacklisting Crucial M500 2014-03-23 21:44:10 -07:00
atm atm: idt77252: fix dev refcnt leak 2013-11-19 15:53:02 -05:00
auxdisplay
base PM / hibernate: Fix restore hang in freeze_processes() 2014-03-06 22:06:29 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-11-13 17:40:34 +09:00
block mm: close PageTail race 2014-04-03 12:02:37 -07:00
bluetooth Bluetooth: Add support for Toshiba Bluetooth device [0930:0220] 2013-12-04 11:11:49 -02:00
bus Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2013-11-14 08:51:29 +09:00
cdrom
char raw: test against runtime value of max_raw_minors 2014-02-22 13:34:46 -08:00
clk clk: clk-divider: fix divisor > 255 bug 2014-01-08 08:33:12 -08:00
clocksource clocksource: vf_pit_timer: use complement for sched_clock reading 2014-03-31 10:05:13 -07:00
connector connector: improved unaligned access error fix 2013-11-14 17:19:20 -05:00
cpufreq intel_pstate: Add support for Baytrail turbo P states 2014-03-23 21:44:19 -07:00
cpuidle ARM/cpuidle: remove __init tag from Calxeda cpuidle probe function 2013-12-30 11:55:20 +01:00
crypto crypto: ixp4xx - Fix kernel compile error 2014-01-01 14:06:23 +08:00
dca
devfreq Merge branch 'pm-devfreq' 2013-11-07 19:24:20 +01:00
dio
dma dma: ste_dma40: don't dereference free:d descriptor 2014-03-06 22:06:29 -08:00
edac i7300_edac: Fix device reference count 2014-03-06 22:06:29 -08:00
eisa Revert "EISA: Initialize device before its resources" 2014-02-13 13:55:27 -08:00
extcon extcon: gpio: Request gpio pin before modifying its state 2014-01-29 05:06:18 -08:00
firewire firewire: don't use PREPARE_DELAYED_WORK 2014-03-23 21:44:10 -07:00
firmware Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-12-29 13:35:04 -08:00
fmc
gpio GPIO fixes for the v3.13 development cycle: 2013-12-17 11:47:40 -08:00
gpu drm/i915: Undo gtt scratch pte unmapping again 2014-04-03 12:02:36 -07:00
hid HID: hidraw: fix warning destroying hidraw device files after parent 2014-03-31 10:05:13 -07:00
hsi
hv Drivers: hv: vmbus: Don't timeout during the initial connection with host 2014-02-22 13:34:53 -08:00
hwmon hwmon: (max1668) Fix writing the minimum temperature 2014-03-06 22:06:25 -08:00
hwspinlock
i2c i2c: cpm: Fix build by adding of_address.h and of_irq.h 2014-04-03 12:02:36 -07:00
ide More ACPI and power management updates for 3.13-rc1 2013-11-20 13:25:04 -08:00
idle intel_idle: close avn_cstates array with correct marker 2014-01-10 03:06:06 +01:00
iio iio:gyro: bug on L3GD20H gyroscope support 2014-03-06 22:06:26 -08:00
infiniband iser-target: Fix command leak for tx_desc->comp_llnode_batch 2014-03-23 21:44:13 -07:00
input Input: cypress_ps2 - don't report as a button pads 2014-04-03 12:02:35 -07:00
iommu iommu/arm-smmu: set CBARn.BPSHCFG to NSH for s1-s2-bypass contexts 2014-03-06 22:06:26 -08:00
ipack
irqchip irq-metag*: stop set_affinity vectoring to offline cpus 2014-03-06 22:06:29 -08:00
isdn isdnloop: several buffer overflows 2014-04-14 06:47:22 -07:00
leds leds: lp5521/5523: Remove duplicate mutex 2014-01-10 14:48:07 -08:00
lguest x86, asmlinkage, lguest: Pass in globals into assembler statement 2013-11-07 12:13:05 +10:30
macintosh powerpc/windfarm: Fix XServe G5 fan control Makefile issue 2013-11-27 11:35:47 +11:00
mailbox
md dm cache: fix access beyond end of origin device 2014-03-23 21:44:17 -07:00
media media: cx18: check for allocation failure in cx18_read_eeprom() 2014-03-31 10:05:14 -07:00
memory
memstick tree-wide: use reinit_completion instead of INIT_COMPLETION 2013-11-15 09:32:21 +09:00
message drivers/message/i2o/driver.c: add missing destroy_workqueue() on error in i2o_driver_register() 2013-11-13 12:09:26 +09:00
mfd ASoC: da9055: Fix device registration of PMIC and CODEC devices 2014-03-06 22:06:18 -08:00
misc mei: set client's read_cb to NULL when flow control fails 2014-03-06 22:06:24 -08:00
mmc Fix uses of dma_max_pfn() when converting to a limiting address 2014-03-31 10:05:15 -07:00
mtd mtd: nand: omap: fix ecclayout->oobfree->length 2014-03-06 22:06:25 -08:00
net net: vxlan: fix crash when interface is created with no group 2014-04-14 06:47:22 -07:00
nfc
ntb NTB driver bug fixes to address a missed call to pci_enable_msix, 2013-11-26 11:15:12 -08:00
nubus
of of: fix PCI bus match for PCIe slots 2014-02-22 13:34:45 -08:00
oprofile
parisc
parport parport: parport_pc: remove double PCI ID for NetMos 2014-02-06 11:34:01 -08:00
pci PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled 2014-03-23 21:44:16 -07:00
pcmcia DeviceTree updates for 3.13. This is a bit larger pull request than 2013-11-12 16:52:17 +09:00
phy phy: kconfig: add depends on "USB_PHY" to OMAP_USB2 and TWL4030_USB 2013-12-10 12:53:30 -08:00
pinctrl pinctrl: sunxi: use chained_irq_{enter, exit} for GIC compatibility 2014-03-23 21:44:07 -07:00
platform hp_accel: Add a new PnP ID HPQ6007 for new HP laptops 2014-02-06 11:34:06 -08:00
pnp PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures 2014-03-23 21:44:20 -07:00
power power: max17040: Fix NULL pointer dereference when there is no platform_data 2014-02-22 13:34:59 -08:00
powercap powercap / RAPL: add support for ValleyView Soc 2013-12-22 01:27:51 +01:00
pps drivers/pps/clients/pps-gpio.c: remove redundant of_match_ptr 2013-11-13 12:09:35 +09:00
ps3
ptp
pwm
rapidio rapidio/tsi721: fix tasklet termination in dma channel release 2014-03-23 21:43:59 -07:00
regulator regulator: core: Replace direct ops->disable usage 2014-03-31 10:05:15 -07:00
remoteproc
reset
rpmsg
rtc rtc-cmos: Add an alarm disable quirk 2014-02-13 13:55:46 -08:00
s390 s390/3270: fix allocation of tty3270_screen structure 2013-12-18 17:35:30 +01:00
sbus
scsi Fix uses of dma_max_pfn() when converting to a limiting address 2014-03-31 10:05:15 -07:00
sfi
sh
sn
spi spi: spi-ath79: fix initial GPIO CS line setup 2014-03-23 21:44:11 -07:00
ssb
staging zram: avoid null access when fail to alloc meta 2014-03-23 21:43:58 -07:00
target iscsi-target: Fix iscsit_get_tpg_from_np tpg_state bug 2014-03-23 21:44:13 -07:00
tc
thermal x86_pkg_temp_thermal: Do not expose as a hwmon device 2014-03-23 21:44:08 -07:00
tty serial: omap-serial: Move info message to probe function 2014-02-22 13:34:49 -08:00
uio uio: fix devm_request_irq usage 2014-02-06 11:34:00 -08:00
usb xhci: Fix resume issues on Renesas chips in Samsung laptops 2014-03-31 10:05:16 -07:00
uwb Driver Core / sysfs patches for 3.13-rc1 2013-11-07 11:42:15 +09:00
vfio mm: close PageTail race 2014-04-03 12:02:37 -07:00
vhost vhost: validate vhost_get_vq_desc return value 2014-04-14 06:47:21 -07:00
video xen/pvhvm: If xen_platform_pci=0 is set don't blow up (v4). 2014-02-13 13:55:28 -08:00
virt
virtio virtio_balloon: update_balloon_size(): update correct field 2013-12-05 13:12:39 +10:30
vlynq
vme VME: Correct read/write alignment algorithm 2014-02-22 13:34:53 -08:00
w1 drivers/w1/masters/w1-gpio.c: use dev_get_platdata() 2013-11-15 09:32:21 +09:00
watchdog sc1200_wdt: Fix oops 2013-12-10 08:48:15 +01:00
xen xen/balloon: flush persistent kmaps in correct position 2014-04-03 12:02:35 -07:00
zorro
Kconfig ACPI and power management updates for 3.13-rc1 2013-11-14 13:41:48 +09:00
Makefile ACPI and power management updates for 3.13-rc1 2013-11-14 13:41:48 +09:00