twx-linux

History

Salva Peiró 084b6e7765 staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() The function c4_ioctl() writes data from user in ifr->ifr_data to the kernel struct data arg, without any iolen bounds checking. This can lead to a arbitrary write outside of the struct data arg. Corrected by adding bounds-checking of iolen before the copy_from_user(). Signed-off-by: Salva Peiró <speiro@ai2.upv.es> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2014-03-04 16:20:01 -08:00
..
comet_tables.c
comet_tables.h
comet.c	staging: cxt1e1: fix long lines warning	2013-11-10 08:05:15 -08:00
comet.h	staging: cxt1e1: remove typedef comet_t	2013-11-10 08:05:15 -08:00
functions.c	staging: cxt1e1: remove typedef comet_t	2013-11-10 08:05:15 -08:00
hwprobe.c	staging: cxt1e1: hwprobe.c: Return negative error codes	2013-09-30 18:48:41 -07:00
Kconfig
libsbew.h
linux.c	staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl()	2014-03-04 16:20:01 -08:00
Makefile
musycc.c	staging: ctxt1e1: Fixed sparse warning related to static declaration	2013-11-10 12:19:16 -08:00
musycc.h
ossiRelease.c
pmc93x6_eeprom.c
pmc93x6_eeprom.h
pmcc4_cpld.h
pmcc4_defs.h
pmcc4_drv.c	staging: cxt1e1: remove typedef comet_t	2013-11-10 08:05:15 -08:00
pmcc4_ioctls.h
pmcc4_private.h	staging: cxt1e1: remove typedef comet_t	2013-11-10 08:05:15 -08:00
pmcc4_sysdep.h
pmcc4.h
sbe_bid.h
sbe_promformat.h
sbecom_inline_linux.h	staging: cxt1e1: sbecom_inline_linux.h: Return NULL instead of 0	2013-09-30 18:48:40 -07:00
sbecrc.c	staging: cxt1e1: sbecrc.c: Use NULL instead of 0	2013-09-30 18:48:40 -07:00
sbeid.c	Drivers: Staging: cxt1e1: stbeid: Fixed whitespace between function and parameters	2013-11-19 15:34:51 -08:00
sbeproc.c	staging: cxt1e1: sbeproc.c: Use NULL instead of 0	2013-09-30 18:48:40 -07:00
sbeproc.h
sbew_ioc.h	Staging:cxt1e1: Fixes whitespace around commas in sbew_ioc.h	2013-10-11 13:09:57 -07:00