Re: [PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver

From: Simon Arlott
Date: Tue Mar 06 2007 - 15:21:44 EST


On 06/03/07 21:12, Marcel Holtmann wrote:
Hi Linus,

the attached patch fixes a buffer overflow in the Omnikey CardMan 4040
driver that could lead to a potential arbitrary code execution with
kernel privileges.

Regards

Marcel


- if (count < 5) {
+ if ((count < 5) || (count > READ_WRITE_BUFFER_SIZE)) {
DEBUGP(2, dev, "<- cm4040_write buffersize=%Zd < 5\n", count);
return -EIO;
}

That debug message needs to be changed too since count won't always be < 5 when it's used.

--
Simon Arlott
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/