On Mon, Mar 19, 2018 at 02:07:45PM +0300, Dan Carpenter wrote: > If the server is malicious then *bytes_read could be larger than the > size of the "target" buffer. It would lead to memory corruption when we > do the memcpy(). > > Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <silvio.cesare@xxxxxxxxx> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > diff --git a/drivers/staging/ncpfs/ncplib_kernel.c b/drivers/staging/ncpfs/ncplib_kernel.c > index 804adfebba2f..3e047eb4cc7c 100644 > --- a/drivers/staging/ncpfs/ncplib_kernel.c > +++ b/drivers/staging/ncpfs/ncplib_kernel.c Ugh, I have like 2 more months before I delete this code :) Anyway, nice find, and fix, I'll go queue it up now, thanks. greg k-h _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
