On Mon, Jul 17, 2017 at 08:47:25PM -0400, Jacob von Chorus wrote: > Four fields in struct fpgaimage are char arrays of length MAX_STR (256). > The amount of data read into these buffers is controlled by a length > field in the bitstream file read from userspace. If a corrupt or > malicious firmware file was supplied, kernel data beyond these buffers > can be overwritten arbitrarily. > > This patch adds a check of the bitstream's length value to ensure it > fits within the bounds of the allocated buffers. An error condition is > returned from gs_read_bitstream if any of the reads fail. > > Signed-off-by: Jacob von Chorus <jacobvonchorus@xxxxxxxxxx> > --- > drivers/staging/gs_fpgaboot/gs_fpgaboot.c | 48 ++++++++++++++++++++++++------- > 1 file changed, 37 insertions(+), 11 deletions(-) What changed from v1? Always list that below the --- line. Please fix up and resend... thanks, greg k-h _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel