From: Greg KH <greg@kroah.com>
To: Xi Wang <xi.wang@gmail.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>,
"devel@driverdev.osuosl.org" <devel@driverdev.osuosl.org>,
Mori Hess <fmhess@users.sourceforge.net>,
"security@kernel.org" <security@kernel.org>,
Lars-Peter Clausen <lars@metafoo.de>,
Ian Abbott <ian.abbott@mev.co.uk>,
Lucas De Marchi <lucas.demarchi@profusion.mobi>,
Greg Kroah-Hartman <gregkh@suse.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Ian Abbott <abbotti@mev.co.uk>, Franky Lin <frankyl@broadcom.com>,
Greg Dietsche <gregory.dietsche@cuw.edu>,
Mark Pearson <markpearson_de@yahoo.de>
Subject: Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()
Date: Sat, 26 Nov 2011 18:52:52 -0800 [thread overview]
Message-ID: <20111127025252.GA29073@kroah.com> (raw)
In-Reply-To: <4ED00CCB.80604@gmail.com>
On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote:
> There is a potential integer overflow in do_insnlist_ioctl() if
> userspace passes in a large insnlist.n_insns. The call to kmalloc()
> would allocate a small buffer, leading to a memory corruption.
>
> The bug was reported by Dan Carpenter <dan.carpenter@oracle.com>
> and Haogang Chen <haogangchen@gmail.com>. The patch was suggested by
> Ian Abbott <abbotti@mev.co.uk> and Lars-Peter Clausen <lars@metafoo.de>.
>
> Signed-off-by: Xi Wang <xi.wang@gmail.com>
Hm, I already applied Dan's previous patch, what should I do with this
one now? Revert Dan's and apply this one, or apply both of them, or
something else?
confused,
greg k-h
next prev parent reply other threads:[~2011-11-27 10:06 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-23 0:49 [PATCH] comedi: integer overflow in do_insnlist_ioctl() Xi Wang
2011-11-23 6:13 ` Dan Carpenter
2011-11-23 13:59 ` Xi Wang
2011-11-23 14:50 ` Dan Carpenter
2011-11-23 16:06 ` Ian Abbott
2011-11-23 16:53 ` [PATCH v2] " Xi Wang
2011-11-23 21:41 ` [PATCH] " Lars-Peter Clausen
2011-11-23 21:51 ` Dan Carpenter
2011-11-24 19:07 ` Xi Wang
2011-11-25 7:25 ` Dan Carpenter
2011-11-25 21:46 ` [PATCH v3] " Xi Wang
2011-11-27 2:52 ` Greg KH [this message]
2011-11-27 11:25 ` Dan Carpenter
2011-11-27 21:24 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111127025252.GA29073@kroah.com \
--to=greg@kroah.com \
--cc=abbotti@mev.co.uk \
--cc=dan.carpenter@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=fmhess@users.sourceforge.net \
--cc=frankyl@broadcom.com \
--cc=gregkh@suse.de \
--cc=gregory.dietsche@cuw.edu \
--cc=ian.abbott@mev.co.uk \
--cc=lars@metafoo.de \
--cc=linux-kernel@vger.kernel.org \
--cc=lucas.demarchi@profusion.mobi \
--cc=markpearson_de@yahoo.de \
--cc=security@kernel.org \
--cc=xi.wang@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.