Re: [PATCH v3] firewire: cdev: check write quadlet request lengthto avoid buffer overflow

From: Clemens Ladisch
Date: Wed Jul 07 2010 - 07:55:53 EST

Next message: Stefan Richter: "[PATH] firewire: core: ensure some userspace API constants matchcorresponding kernel API constants"
Previous message: Joel Becker: "[PATCH 2/3] ocfs2: Zero the tail cluster when extending past i_size."
In reply to: Stefan Richter: "[PATCH v3] firewire: cdev: check write quadlet request length toavoid buffer overflow"
Next in thread: Stefan Richter: "Re: [PATCH v3] firewire: cdev: check write quadlet request length toavoid buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stefan Richter wrote:
> [...] Thus the only problem is that a bogus write quadlet
> request with user-specified length of < 3 will put 1...4 random bytes
> into the packet payload. But this is the user's problem then, not the
> kernel's.

But not being initialized, these are the kernel's bytes that get
disclosed.

Regards,
Clemens
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stefan Richter: "[PATH] firewire: core: ensure some userspace API constants matchcorresponding kernel API constants"
Previous message: Joel Becker: "[PATCH 2/3] ocfs2: Zero the tail cluster when extending past i_size."
In reply to: Stefan Richter: "[PATCH v3] firewire: cdev: check write quadlet request length toavoid buffer overflow"
Next in thread: Stefan Richter: "Re: [PATCH v3] firewire: cdev: check write quadlet request length toavoid buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]