lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3fb0cb5d0f
android_kernel_xiaomi_sm8350/drivers
History
Heikki Orsila 3fb0cb5d0f [PATCH] Open IPMI BT overflow 
I was looking into random driver code and found a suspicious looking
memcpy() in drivers/char/ipmi/ipmi_bt_sm.c on 2.6.17-rc1:

	if ((size < 2) || (size > IPMI_MAX_MSG_LENGTH))
		return -1;
	...
	memcpy(bt->write_data + 3, data + 1, size - 1);

where sizeof bt->write_data is IPMI_MAX_MSG_LENGTH.  It looks like the
memcpy would overflow by 2 bytes if size == IPMI_MAX_MSG_LENGTH.  A patch
attached to limit size to (IPMI_MAX_LENGTH - 2).

Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-19 09:13:52 -07:00
..
acorn
acpi
amba
atm
base [PATCH] pm: print name of failed suspend function 2006-04-14 11:41:25 -07:00
block [PATCH] cciss: bug fix for crash when running hpacucli 2006-04-17 14:24:57 -07:00
bluetooth
cdrom
char [PATCH] Open IPMI BT overflow 2006-04-19 09:13:52 -07:00
connector
cpufreq [CPUFREQ] drivers/cpufreq/cpufreq.c: static functions mustn't be exported 2006-04-18 17:24:52 -05:00
crypto
dio
edac
eisa
fc4
firmware [PATCH] DMI: move dmi_scan.c from arch/i386 to drivers/firmware/ 2006-04-14 11:41:25 -07:00
hwmon [PATCH] w83792d: Be quiet on misdetection 2006-04-14 11:18:33 -07:00
i2c [PATCH] m41t00: fix bitmasks when writing to chip 2006-04-19 09:13:49 -07:00
ide
ieee1394
infiniband
input
isdn
leds
macintosh
mca
md [PATCH] sysfs: Allow sysfs attribute files to be pollable 2006-04-14 11:41:24 -07:00
media
message [SCSI] mptfusion - fix panic in mptsas_slave_configure 2006-04-14 09:35:12 -05:00
mfd
misc
mmc
mtd
net [IRDA]: smsc-ircc2, smcinit support for ALi ISA bridges 2006-04-14 16:03:33 -07:00
nubus
oprofile
parisc
parport
pci Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-04-14 17:08:18 -07:00
pcmcia [ARM] 3478/1: SharpSL SCOOP: Fix potenial build failure 2006-04-18 23:18:53 +01:00
pnp
rapidio
rtc
s390
sbus
scsi [SCSI] scsi_transport_sas: don't scan a non-existent end device 2006-04-14 15:33:41 -05:00
serial [PATCH] m32r: Remove a warning in m32r_sio.c 2006-04-19 09:13:51 -07:00
sh
sn
spi
tc
telephony
usb [PATCH] isd200: limit to BLK_DEV_IDE 2006-04-17 14:24:57 -07:00
video
w1
zorro
Kconfig
Makefile