linux/drivers/char
Eric Paris fbaa58696c TPM: get_event_name stack corruption
get_event_name uses sprintf to fill a buffer declared on the stack.  It fills
the buffer 2 bytes at a time.  What the code doesn't take into account is that
sprintf(buf, "%02x", data) actually writes 3 bytes.  2 bytes for the data and
then it nul terminates the string.  Since we declare buf to be 40 characters
long and then we write 40 bytes of data into buf sprintf is going to write 41
characters.  The fix is to leave room in buf for the nul terminator.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-05-20 08:30:05 +10:00
agp Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-04-20 08:42:48 -07:00
hw_random virtio-rng: Remove false BUG for spurious callbacks 2009-04-24 13:28:30 -07:00
ip2 proc tty: switch ip2 to ->proc_fops 2009-04-01 08:59:08 -07:00
ipmi ipmi: add oem message handling 2009-04-21 13:41:48 -07:00
mwave mwave: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-06 10:44:38 -08:00
pcmcia proc tty: switch synclink_cs to ->proc_fops 2009-04-01 08:59:08 -07:00
rio rio: addition has higher precedence than ?: 2009-04-06 14:36:43 -07:00
tpm TPM: get_event_name stack corruption 2009-05-20 08:30:05 +10:00
xilinx_hwicap xilinx_hwicap: remove improper wording in license statement 2008-12-17 11:23:07 -08:00
.gitignore
amiserial.c proc tty: switch amiserial to ->proc_fops 2009-04-01 08:59:10 -07:00
apm-emulation.c APM emulation: Notify about all suspend events, not just APM invoked ones (v2) 2008-07-16 23:27:02 +02:00
applicom.c applicom: Auto-load applicom module when device opened. 2009-04-06 14:36:30 -07:00
applicom.h
bfin-otp.c
briq_panel.c briq_panel: BKL pushdown 2008-06-20 14:05:55 -06:00
bsr.c trivial: drivers/char/bsr.c: Storage class should be before const qualifier 2009-03-30 15:22:02 +02:00
cd1865.h
ChangeLog
consolemap.c consolemap: indentation & braces disagree - reindent 2009-01-06 15:59:30 -08:00
cp437.uni unicode table for cp437 2008-12-13 11:25:49 -08:00
cs5535_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
cyclades.c cyclades: Auto-load cyclades module when device opened. 2009-04-06 14:36:30 -07:00
defkeymap.c_shipped
defkeymap.map
digi1.h
digiFep1.h
digiPCI.h
ds1302.c rtc: use bcd2bin/bin2bcd 2008-10-20 08:52:41 -07:00
ds1620.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
dsp56k.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
dtlk.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
efirtc.c drivers/char/efirtc.c: removed duplicated #include 2008-08-04 16:59:56 -07:00
epca.c trivial: fix an -> a typos in documentation and comments 2009-01-06 11:28:07 +01:00
epca.h epca: use tty_port 2008-07-20 17:12:36 -07:00
epcaconfig.h
esp.c esp: fix section mismatch warning 2009-04-07 08:31:03 -07:00
generic_nvram.c
generic_serial.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
genrtc.c genrtc: BKL pushdown 2008-06-20 14:05:57 -06:00
hangcheck-timer.c
hpet.c clocksource: pass clocksource to read() callback 2009-04-21 13:41:47 -07:00
hvc_beat.c powerpc/cell: Use correct types in beat files 2009-01-08 16:25:16 +11:00
hvc_console.c hvc_console: Remove tty->low_latency 2009-01-16 16:15:16 +11:00
hvc_console.h powerpc: Make open count variables signed in hvcs/hvsi/hvc_console 2008-12-03 21:04:13 +11:00
hvc_irq.c hvc_console: Call free_irq() only if request_irq() was successful 2009-01-13 14:48:01 +11:00
hvc_iseries.c drivers/hvc: Add missing of_node_put 2008-12-03 21:04:09 +11:00
hvc_iucv.c [S390] hvc_iucv: Provide IUCV z/VM user ID filtering 2009-03-26 15:24:08 +01:00
hvc_rtas.c
hvc_udbg.c powerpc: udbg-based backend for hvc_console 2008-11-19 16:04:25 +11:00
hvc_vio.c drivers/hvc: Add missing of_node_put 2008-12-03 21:04:09 +11:00
hvc_xen.c hvc_console: Add a hangup notifier for backends 2008-10-22 10:59:54 +11:00
hvcs.c hvc_console: Remove tty->low_latency on pseries backends 2009-03-11 10:44:26 +11:00
hvsi.c hvc_console: Remove tty->low_latency on pseries backends 2009-03-11 10:44:26 +11:00
i8k.c i8k: Add Dell Vostro systems 2009-01-02 10:28:32 -08:00
isicom.c isicom: isicom kref leak fix 2009-04-06 14:36:33 -07:00
istallion.c proc tty: switch istallion to ->proc_fops 2009-04-01 08:59:08 -07:00
Kconfig NVRAM depends on RTC_DRV_CMOS 2009-01-31 01:21:59 +01:00
keyboard.c Input: keyboard - fix potential out of bound access to key_map 2008-10-08 23:45:36 -04:00
lp.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-12-28 16:54:33 -08:00
mbcs.c mbcs: cdev lock_kernel() pushdown 2008-06-20 14:05:48 -06:00
mbcs.h
mem.c x86, PAT: Remove duplicate memtype reserve in devmem mmap 2009-04-10 13:55:48 +02:00
misc.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
mmtimer.c mmtimer: Push BKL down into the ioctl handler 2008-07-17 11:34:49 -07:00
moxa.c tty: moxa, fix refcounting in moxa_poll_port 2009-04-06 14:36:33 -07:00
moxa.h
mspec.c mspec: convert nopfn to fault 2008-07-24 10:47:14 -07:00
mxser.c mxser: remove tty_port_tty_get from mxser_check_modem_status 2009-04-06 14:36:33 -07:00
mxser.h
n_hdlc.c tty: some ICANON magic is in the wrong places 2008-10-13 09:51:44 -07:00
n_r3964.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
n_tty.c tty: N_TTY SIGIO only works for read 2009-01-02 10:19:40 -08:00
nozomi.c tty: kref nozomi 2009-01-02 10:19:40 -08:00
nsc_gpio.c
nvram.c [PATCH] nvram - convert PRINT_PROC to seq_file 2008-11-11 09:56:00 +00:00
nwbutton.c
nwbutton.h
nwflash.c [ARM] netwinder: clean up GPIO naming 2008-12-13 09:12:07 +00:00
pc8736x_gpio.c pc8736x_gpio: add support for PC87365 chips 2008-10-20 08:52:40 -07:00
ppdev.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
ps3flash.c powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/char 2009-01-16 16:15:14 +11:00
pty.c pty: Fix documentation 2009-01-12 16:37:00 -08:00
random.c Avoid ICE in get_random_int() with gcc-3.4.5 2009-05-19 11:25:35 -07:00
raw.c Add a missing unlock_kernel() in raw_open() 2009-03-27 10:59:09 -06:00
riscom8_reg.h
riscom8.c riscom8: Auto-load riscom8 module when device opened. 2009-04-06 14:36:31 -07:00
riscom8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
rocket_int.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rocket.c tty: use port methods for the rocket driver 2009-01-02 10:19:42 -08:00
rocket.h tty: rocketport uses different port flags to everyone else 2009-01-02 10:19:39 -08:00
rtc.c RTC: Remove the BKL. 2009-01-08 16:44:03 -07:00
scc.h m68k: atari - Rename "mfp" to "st_mfp" 2009-02-22 09:23:02 -08:00
scx200_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
selection.c Fix memory corruption in console selection 2009-01-31 15:51:31 -08:00
ser_a2232.c m68k: ser_a2232 - Kill warn_unused_result warnings 2009-01-12 20:56:39 +01:00
ser_a2232.h
ser_a2232fw.ax
ser_a2232fw.h
serial167.c tty: Remove some pointless casts 2009-01-02 10:19:40 -08:00
snsc_event.c
snsc.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
snsc.h
sonypi.c Rationalize fasync return values 2009-03-16 08:34:35 -06:00
specialix_io8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
specialix.c specialix: Auto-load specialix module when device opened. 2009-04-06 14:36:31 -07:00
stallion.c proc tty: switch stallion to ->proc_fops 2009-04-01 08:59:09 -07:00
sx.c sx.c: avoid referencing freed memory if copy_from_user() fails 2009-02-20 17:57:49 -08:00
sx.h
sxboards.h
sxwindow.h
synclink_gt.c synclink_gt: add clock options 2009-04-02 19:05:01 -07:00
synclink.c proc tty: switch synclink to ->proc_fops 2009-04-01 08:59:09 -07:00
synclinkmp.c proc tty: switch synclinkmp to ->proc_fops 2009-04-01 08:59:09 -07:00
sysrq.c sysrq, intel_fb: fix sysrq g collision 2009-05-15 07:56:24 -05:00
tb0219.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
tlclk.c tlckl: BKL pushdown 2008-06-20 14:05:51 -06:00
toshiba.c
tty_audit.c Trim includes of fdtable.h 2009-03-31 23:00:28 -04:00
tty_buffer.c tty: split the buffering from tty_io 2008-10-13 09:51:40 -07:00
tty_io.c pids: kill signal_struct-> __pgrp/__session and friends 2009-04-02 19:05:02 -07:00
tty_ioctl.c tty: Fix race in the flush for some ldiscs 2009-01-15 12:48:35 -08:00
tty_ldisc.c Trim includes of fdtable.h 2009-03-31 23:00:28 -04:00
tty_port.c tty: use port methods for the rocket driver 2009-01-02 10:19:42 -08:00
vc_screen.c vcs: hook sysfs devices into object lifetime instead of "binding" 2009-03-24 16:38:26 -07:00
viotape.c device create: char: convert device_create_drvdata to device_create 2008-10-16 09:24:42 -07:00
virtio_console.c virtio_console: support console resizing 2008-12-30 09:26:10 +10:30
vme_scc.c m68k: vme_scc - Kill warn_unused_result warnings 2009-01-12 20:56:38 +01:00
vr41xx_giu.c drivers/char: use nr_irqs 2008-10-16 16:52:05 +02:00
vt_ioctl.c vt: Add a note on the historical abuse of CLOCK_TICK_RATE 2009-05-06 14:47:13 -07:00
vt.c Revert "console ASCII glyph 1:1 mapping" 2009-04-19 10:51:40 -07:00