1
linux/drivers/staging/comedi
Xi Wang dfd8ee92a9 Staging: comedi: fix integer overflow in do_insnlist_ioctl()
There is a potential integer overflow in do_insnlist_ioctl() if
userspace passes in a large insnlist.n_insns.  The call to kmalloc()
would allocate a small buffer, leading to a memory corruption.

The bug was reported by Dan Carpenter <dan.carpenter@oracle.com>
and Haogang Chen <haogangchen@gmail.com>.  The patch was suggested by
Ian Abbott <abbotti@mev.co.uk> and Lars-Peter Clausen <lars@metafoo.de>.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Haogang Chen <haogangchen@gmail.com>.
Cc: Ian Abbott <abbotti@mev.co.uk>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-28 04:38:45 +09:00
..
drivers staging: comedi: usbduxsigma: Fixed wrong range for the analogue channel. 2011-11-26 18:34:14 -08:00
kcomedilib
comedi_compat32.c
comedi_compat32.h
comedi_fops.c Staging: comedi: fix integer overflow in do_insnlist_ioctl() 2011-11-28 04:38:45 +09:00
comedi_fops.h
comedi.h
comedidev.h
comedilib.h
drivers.c
internal.h
Kconfig staging: comedi: new driver usbduxsigma 2011-08-23 12:00:45 -07:00
Makefile
proc.c
range.c
TODO