Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()

[Greg KH]

On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote:
> There is a potential integer overflow in do_insnlist_ioctl() if
> userspace passes in a large insnlist.n_insns.  The call to kmalloc()
> would allocate a small buffer, leading to a memory corruption.
> 
> The bug was reported by Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> and Haogang Chen <haogangchen@xxxxxxxxx>.  The patch was suggested by
> Ian Abbott <abbotti@xxxxxxxxx> and Lars-Peter Clausen <lars@xxxxxxxxxx>.
> 
> Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>

Hm, I already applied Dan's previous patch, what should I do with this
one now?  Revert Dan's and apply this one, or apply both of them, or
something else?

confused,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/