kevin/linux
1
Fork 0
Code
6b07d30aca
linux/drivers/char
History
Peter Huewe 6b07d30aca TPM: Call tpm_transmit with correct size 
This patch changes the call of tpm_transmit by supplying the size of the
userspace buffer instead of TPM_BUFSIZE.

This got assigned CVE-2011-1161.

[The first hunk didn't make sense given one could expect
 way less data than TPM_BUFSIZE, so added tpm_transmit boundary
 check over bufsiz instead
 The last parameter of tpm_transmit() reflects the amount
 of data expected from the device, and not the buffer size
 being supplied to it. It isn't ideal to parse it directly,
 so we just set it to the maximum the input buffer can handle
 and let the userspace API to do such job.]

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Stable Kernel <stable@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
2011-09-23 09:46:29 +10:00
..
agp agp/intel: Fix typo in G4x_GMCH_SIZE_VT_2M 2011-07-13 07:44:27 +01:00
hw_random n2rng: Attach on Niagara-T3. 2011-07-28 01:26:30 -07:00
ipmi atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
mwave Fix common misspellings 2011-03-31 11:26:23 -03:00
pcmcia pcmcia: Convert pcmcia_device_id declarations to const 2011-05-06 07:46:22 +02:00
tpm TPM: Call tpm_transmit with correct size 2011-09-23 09:46:29 +10:00
xilinx_hwicap treewide: Convert uses of struct resource to resource_size(ptr) 2011-06-10 14:55:36 +02:00
apm-emulation.c PM: Improve error code of pm_notifier_call_chain() 2011-07-15 23:58:20 +02:00
applicom.c
applicom.h
bfin-otp.c
briq_panel.c
bsr.c treewide: Convert uses of struct resource to resource_size(ptr) 2011-06-10 14:55:36 +02:00
ds1302.c
ds1620.c
dsp56k.c
dtlk.c
efirtc.c
generic_nvram.c drivers: fix up various ->llseek() implementations 2011-07-20 20:47:58 -04:00
genrtc.c
hangcheck-timer.c
hpet.c Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-07-22 17:05:15 -07:00
i8k.c i8k: Integrate with the hwmon subsystem 2011-05-25 20:43:33 +02:00
Kconfig arch/tile: add hypervisor-based character driver for SPI flash ROM 2011-06-10 13:07:48 -04:00
lp.c
Makefile arch/tile: add hypervisor-based character driver for SPI flash ROM 2011-06-10 13:07:48 -04:00
mbcs.c
mbcs.h Fix common misspellings 2011-03-31 11:26:23 -03:00
mem.c kmsg: properly support writev to avoid interleaved printk lines fix 2011-04-19 17:00:48 -07:00
misc.c
mmtimer.c posix-timers: Cleanup namespace 2011-02-02 15:28:19 +01:00
msm_smd_pkt.c drivers/char/msm_smd_pkt.c: don't use IS_ERR() 2011-08-25 16:25:33 -07:00
mspec.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
nsc_gpio.c
nvram.c drivers: fix up various ->llseek() implementations 2011-07-20 20:47:58 -04:00
nwbutton.c Fix common misspellings 2011-03-31 11:26:23 -03:00
nwbutton.h
nwflash.c
pc8736x_gpio.c
ppdev.c drivers/char/ppdev.c: put gotten port value 2011-05-26 17:12:37 -07:00
ps3flash.c fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
ramoops.c ramoops: update module parameters 2011-08-03 14:25:21 -10:00
random.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
raw.c RAW driver: Remove call to kobject_put(). 2011-05-06 17:52:32 -07:00
rtc.c
scc.h
scx200_gpio.c
snsc_event.c
snsc.c
snsc.h headers: kobject.h redux 2011-01-10 08:51:44 -08:00
sonypi.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tb0219.c
tile-srom.c arch/tile: add hypervisor-based character driver for SPI flash ROM 2011-06-10 13:07:48 -04:00
tlclk.c
toshiba.c
ttyprintk.c tty: now phase out the ioctl file pointer for good 2011-02-17 11:59:56 -08:00
uv_mmtimer.c
viotape.c
virtio_console.c virtio console: don't manually set or finalize VIRTIO_CONSOLE_F_MULTIPORT. 2011-05-30 11:14:13 +09:30