mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-24 01:41:39 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/staging/speakup
History
Samuel Thibault b96fba8d58 staging: speakup: fix wraparound in uaccess length check 
If softsynthx_read() is called with `count < 3`, `count - 3` wraps, causing
the loop to copy as much data as available to the provided buffer. If
softsynthx_read() is invoked through sys_splice(), this causes an
unbounded kernel write; but even when userspace just reads from it
normally, a small size could cause userspace crashes.

Fixes: 425e586cf9 ("speakup: add unicode variant of /dev/softsynth")
Cc: stable@vger.kernel.org
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-16 10:04:11 +02:00
..
buffers.c staging: speakup: use true/false instead of 1/0 2018-05-15 09:31:38 +02:00
DefaultKeyAssignments
devsynth.c
fakekey.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
i18n.c
i18n.h
Kconfig mn10300: Remove the architecture 2018-03-09 23:19:56 +01:00
keyhelp.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
kobjects.c staging: speakup: add SPDX identifier. 2018-01-15 16:03:44 +01:00
main.c staging: speakup: use true/false instead of 1/0 2018-05-15 09:31:38 +02:00
Makefile
selection.c staging: speakup: selection: replace _manual_ swap with swap macro 2017-11-27 09:20:40 +01:00
serialio.c staging: speakup: add SPDX identifier. 2018-01-15 16:03:44 +01:00
serialio.h
speakup.h staging: speakup: Add pause command used on switching to graphical mode 2018-05-06 19:02:37 -07:00
speakup_acnt.h
speakup_acntpc.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_acntsa.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_apollo.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_audptr.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_bns.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_decext.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_decpc.c staging: speakup: match alignment with open parenthesis 2018-03-06 04:01:10 -08:00
speakup_dectlk.c staging: speakup: match alignment with open parenthesis 2018-03-06 04:01:10 -08:00
speakup_dtlk.c staging: speakup: remove space after a cast 2018-02-23 09:54:57 +01:00
speakup_dtlk.h
speakup_dummy.c staging: speakup: Add pause command used on switching to graphical mode 2018-05-06 19:02:37 -07:00
speakup_keypc.c staging: speakup: match alignment with open parenthesis 2018-03-06 04:01:10 -08:00
speakup_ltlk.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_soft.c staging: speakup: fix wraparound in uaccess length check 2018-07-16 10:04:11 +02:00
speakup_spkout.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakup_txprt.c staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
speakupmap.h
speakupmap.map
spk_priv.h staging: speakup: Add unicode support to the speakup_dummy driver 2018-03-14 12:57:45 +01:00
spk_priv_keyinfo.h staging: speakup: remove redundant license text 2018-01-15 16:03:45 +01:00
spk_ttyio.c staging: speakup: Add blank line after declaration 2018-03-19 17:14:40 +01:00
spk_types.h staging: speakup: Add pause command used on switching to graphical mode 2018-05-06 19:02:37 -07:00
spkguide.txt
synth.c staging: speakup: Add unicode support to the speakup_dummy driver 2018-03-14 12:57:45 +01:00
thread.c staging: speakup: add SPDX identifier. 2018-01-15 16:03:44 +01:00
TODO
varhandlers.c staging: speakup: Add pause command used on switching to graphical mode 2018-05-06 19:02:37 -07:00