* [patch] mtd: sanity check input
From: Dan Carpenter @ 2010-09-08 19:39 UTC
To: David Woodhouse
Cc: Artem Bityutskiy, Ben Hutchings, H Hartley Sweeten,
Kirill A. Shutemov, linux-mtd, linux-kernel, kernel-janitors
If "ur_idx" is wrong we could go past the end of the array. The
"ur_idx" comes from root so it's not a huge deal, but adding a sanity
check makes the code more robust.
Signed-off-by: Dan Carpenter <error27@gmail.com>
diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index a825002..9c00549 100644
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -513,6 +513,9 @@ static int mtd_ioctl(struct file *file, u_int cmd, u_long arg)
if (get_user(ur_idx, &(ur->regionindex)))
return -EFAULT;
+ if (ur_idx >= mtd->numeraseregions)
+ return -EINVAL;
+
kr = &(mtd->eraseregions[ur_idx]);
if (put_user(kr->offset, &(ur->offset))
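Review bot: the added test `if (ur_idx >= mtd->numeraseregions)` bounds the index only from above, and the declaration of `ur_idx` is outside this hunk. If it is a signed type, a negative value read by `get_user()` passes the test and `mtd->eraseregions[ur_idx]` indexes before the start of the array, so please confirm it is unsigned or add an explicit lower-bound test. The commit message could also mention that the element selected by the index is copied back to the caller by the `put_user(kr->offset, &(ur->offset))` that follows, so without the check the result is an out-of-bounds read whose contents reach user space, not only a bad index.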
* Re: [patch] mtd: sanity check input
From: Artem Bityutskiy @ 2010-09-13 8:53 UTC
To: Dan Carpenter
Cc: David Woodhouse, Ben Hutchings, H Hartley Sweeten,
Kirill A. Shutemov, linux-mtd, linux-kernel, kernel-janitors
On Wed, 2010-09-08 at 21:39 +0200, Dan Carpenter wrote:
> If "ur_idx" is wrong we could go past the end of the array. The
> "ur_idx" comes from root so it's not a huge deal, but adding a sanity
> check makes the code more robust.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
>
> diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
> index a825002..9c00549 100644
> --- a/drivers/mtd/mtdchar.c
> +++ b/drivers/mtd/mtdchar.c
> @@ -513,6 +513,9 @@ static int mtd_ioctl(struct file *file, u_int cmd, u_long arg)
> if (get_user(ur_idx, &(ur->regionindex)))
> return -EFAULT;
>
> + if (ur_idx >= mtd->numeraseregions)
> + return -EINVAL;
> +
Pushed to l2-mtd-2.6.git with my "Signed-off-by", thanks.
--
Best Regards,
Artem Bityutskiy (Артём Битюцкий)