lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3fb0cb5d0f
android_kernel_xiaomi_sm8350/drivers
History
Heikki Orsila 3fb0cb5d0f [PATCH] Open IPMI BT overflow 
I was looking into random driver code and found a suspicious looking
memcpy() in drivers/char/ipmi/ipmi_bt_sm.c on 2.6.17-rc1:

	if ((size < 2) || (size > IPMI_MAX_MSG_LENGTH))
		return -1;
	...
	memcpy(bt->write_data + 3, data + 1, size - 1);

where sizeof bt->write_data is IPMI_MAX_MSG_LENGTH.  It looks like the
memcpy would overflow by 2 bytes if size == IPMI_MAX_MSG_LENGTH.  A patch
attached to limit size to (IPMI_MAX_LENGTH - 2).

Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-19 09:13:52 -07:00
..
acorn
acpi
amba
atm
base [PATCH] pm: print name of failed suspend function 2006-04-14 11:41:25 -07:00
block [PATCH] cciss: bug fix for crash when running hpacucli 2006-04-17 14:24:57 -07:00
bluetooth
cdrom [PATCH] Overrun in cdrom/aztcd.c 2006-04-11 06:18:46 -07:00
char [PATCH] Open IPMI BT overflow 2006-04-19 09:13:52 -07:00
connector
cpufreq [CPUFREQ] drivers/cpufreq/cpufreq.c: static functions mustn't be exported 2006-04-18 17:24:52 -05:00
crypto
dio
edac
eisa
fc4
firmware [PATCH] DMI: move dmi_scan.c from arch/i386 to drivers/firmware/ 2006-04-14 11:41:25 -07:00
hwmon [PATCH] w83792d: Be quiet on misdetection 2006-04-14 11:18:33 -07:00
i2c [PATCH] m41t00: fix bitmasks when writing to chip 2006-04-19 09:13:49 -07:00
ide
ieee1394
infiniband IB/mthca: Fix max_srq_sge returned by ib_query_device for Tavor devices 2006-04-12 11:42:30 -07:00
input
isdn [ISDN]: Static overruns in drivers/isdn/i4l/isdn_ppp.c 2006-04-11 17:29:17 -07:00
leds [PATCH] leds: reorganise Kconfig 2006-04-11 06:18:40 -07:00
macintosh
mca
md [PATCH] sysfs: Allow sysfs attribute files to be pollable 2006-04-14 11:41:24 -07:00
media Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild 2006-04-11 06:41:02 -07:00
message [SCSI] mptfusion - fix panic in mptsas_slave_configure 2006-04-14 09:35:12 -05:00
mfd
misc
mmc
mtd [PATCH] Remove blkmtd 2006-04-11 06:18:43 -07:00
net [IRDA]: smsc-ircc2, smcinit support for ALi ISA bridges 2006-04-14 16:03:33 -07:00
nubus
oprofile
parisc
parport [PATCH] parport: remove duplicate entry for NETMOS_9835 2006-04-11 06:18:45 -07:00
pci Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-04-14 17:08:18 -07:00
pcmcia [ARM] 3478/1: SharpSL SCOOP: Fix potenial build failure 2006-04-18 23:18:53 +01:00
pnp
rapidio
rtc [PATCH] RTC subsystem: VR41XX cleanup 2006-04-11 06:18:47 -07:00
s390 [PATCH] s390: minor tape fixes 2006-04-11 06:18:38 -07:00
sbus
scsi [SCSI] scsi_transport_sas: don't scan a non-existent end device 2006-04-14 15:33:41 -05:00
serial [PATCH] m32r: Remove a warning in m32r_sio.c 2006-04-19 09:13:51 -07:00
sh
sn [PATCH] Last DMA_xBIT_MASK cleanups 2006-04-11 06:18:44 -07:00
spi
tc
telephony
usb [PATCH] isd200: limit to BLK_DEV_IDE 2006-04-17 14:24:57 -07:00
video [PATCH] fbdev: Use logo with depth of 4 or less for static pseudocolor 2006-04-11 06:18:54 -07:00
w1
zorro
Kconfig
Makefile