mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-05 08:26:59 +00:00
Code Issues Releases Wiki Activity

Staging: bcm: copying more data than intended

Browse source 
This was changed to bcm_flash2x_cs_info instead of bcm_flash_cs_info
when we got rid of the typedefs.  bcm_flash2x_cs_info is quite a bit
larger than bcm_flash_cs_info (436 bytes instead of 96) so it would
corrupt user memory and it's an info leak.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Dan Carpenter 2013-01-09 10:09:19 +03:00 committed by Greg Kroah-Hartman
parent b3d07cf5a1
commit cb9cc9cae9
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
drivers/staging/bcm/Bcmchar.c
View file

@ -1792,7 +1792,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
if (IoBuffer.OutputLength < sizeof(struct bcm_flash_cs_info))
return -EINVAL;
if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(struct bcm_flash2x_cs_info)))
if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(struct bcm_flash_cs_info)))
return -EFAULT;
}
}