* PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo
@ 2004-06-09 23:04 Robert T. Johnson
2004-06-10 1:39 ` viro
2004-06-15 3:44 ` Corey Minyard
0 siblings, 2 replies; 3+ messages in thread
From: Robert T. Johnson @ 2004-06-09 23:04 UTC (permalink / raw)
To: minyard; +Cc: Linux Kernel
Judging from context, I think there's a misplaced "&" in this code that
can cause stack overflows and other nasty problems. Perhaps it's left
over from when msgdata was an array instead of a pointer? Let me know
if you have any questions or I made a mistake.
Best,
Rob
--- linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c.orig Wed Jun 9 12:08:23 2004
+++ linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c Wed Jun 9 12:07:09 2004
@@ -199,7 +199,7 @@ static int handle_send_req(ipmi_user_t
goto out;
}
- if (copy_from_user(&msgdata,
+ if (copy_from_user(msgdata,
req->msg.data,
req->msg.data_len))
{
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo
2004-06-09 23:04 PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo Robert T. Johnson
@ 2004-06-10 1:39 ` viro
2004-06-15 3:44 ` Corey Minyard
1 sibling, 0 replies; 3+ messages in thread
From: viro @ 2004-06-10 1:39 UTC (permalink / raw)
To: Robert T. Johnson; +Cc: minyard, Linux Kernel
On Wed, Jun 09, 2004 at 04:04:59PM -0700, Robert T. Johnson wrote:
> Judging from context, I think there's a misplaced "&" in this code that
> can cause stack overflows and other nasty problems. Perhaps it's left
> over from when msgdata was an array instead of a pointer? Let me know
> if you have any questions or I made a mistake.
ACK.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo
2004-06-09 23:04 PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo Robert T. Johnson
2004-06-10 1:39 ` viro
@ 2004-06-15 3:44 ` Corey Minyard
1 sibling, 0 replies; 3+ messages in thread
From: Corey Minyard @ 2004-06-15 3:44 UTC (permalink / raw)
To: Robert T. Johnson; +Cc: minyard, Linux Kernel
You are obviously right, and it looks like the fix is in the newest
release candidate. Thanks for finding this.
-Corey
Robert T. Johnson wrote:
>Judging from context, I think there's a misplaced "&" in this code that
>can cause stack overflows and other nasty problems. Perhaps it's left
>over from when msgdata was an array instead of a pointer? Let me know
>if you have any questions or I made a mistake.
>
>Best,
>Rob
>
>
>--- linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c.orig Wed Jun 9 12:08:23 2004
>+++ linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c Wed Jun 9 12:07:09 2004
>@@ -199,7 +199,7 @@ static int handle_send_req(ipmi_user_t
> goto out;
> }
>
>- if (copy_from_user(&msgdata,
>+ if (copy_from_user(msgdata,
> req->msg.data,
> req->msg.data_len))
> {
>
>
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-06-15 3:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-06-09 23:04 PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo Robert T. Johnson
2004-06-10 1:39 ` viro
2004-06-15 3:44 ` Corey Minyard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox