On Fri, 2011-04-01 at 19:46 +0300, Luciano Coelho wrote: > We were allocating the size of the NVS file according to the chip ID > and not checking whether the length of the buffer passed was correct > before copying it into the allocated memory. This is a security hole > because buffer overflows can occur if the userspace passes a bigger > file than what is expected. > > With this patch, we check if the size of the data passed from > userspace matches the size required by the chip. > > Reported-by: Ido Yariv <ido@xxxxxxxxxx> > Signed-off-by: Luciano Coelho <coelho@xxxxxx> > --- I'll merge this change so that it fits with the one I sent for 2.6.39 and stable, when time comes. For now, we don't want things overflowing in the wl12xx.git tree either, so fix it there too. ;) -- Cheers, Luca. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
