Re: [CHECKER] 5 potential user-pointer errors that allow arbitrary reads from kernel

From: Michael Hunold (hunold-ml@web.de)
Date: Thu May 01 2003 - 07:54:17 EST

Next message: Alan Cox: "Re: [PATCH 2.4.21-rc1] vesafb with large memory"
Previous message: Jesse Pollard: "Re: Why DRM exists [was Re: Flame Linus to a crisp!]"
Next in thread: Junfeng Yang: "Re: [CHECKER] 5 potential user-pointer errors that allow arbitrary reads from kernel"
Reply: Junfeng Yang: "Re: [CHECKER] 5 potential user-pointer errors that allow arbitrary reads from kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Junfeng,

> This is a resend (the previous report was ignored, however I feel that
> these bugs could be severe).

> Please confirm or clarify. Thanks!

> [BUG] proc_dir_entry.write_proc can take tainted inputs.
> av7110_ir_write_proc is assigned to proc_dir_entry.write_proc
>
> /home/junfeng/linux-2.5.63/drivers/media/dvb/av7110/av7110_ir.c:116:av7110_ir_write_proc:
> ERROR:TAINTED:116:116: passing tainted ptr 'buffer' to __constant_memcpy
> [Callstack:
> /home/junfeng/linux-2.5.63/net/core/pktgen.c:991:av7110_ir_write_proc((tainted
> 1))]

Confirmed. I'll post a patch when I'm back at work again on Monday.

CU
Michael.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH 2.4.21-rc1] vesafb with large memory"
Previous message: Jesse Pollard: "Re: Why DRM exists [was Re: Flame Linus to a crisp!]"
Next in thread: Junfeng Yang: "Re: [CHECKER] 5 potential user-pointer errors that allow arbitrary reads from kernel"
Reply: Junfeng Yang: "Re: [CHECKER] 5 potential user-pointer errors that allow arbitrary reads from kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed May 07 2003 - 22:00:13 EST