| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tkrat.660183c8cfc89275@s5r6.in-berlin.de> Date: Sun, 4 Jan 2009 16:30:32 +0100 (CET) From: Stefan Richter <stefanr@...6.in-berlin.de> To: linux1394-devel@...ts.sourceforge.net cc: linux-kernel@...r.kernel.org Subject: [PATCH 10/11] firewire: cdev: extend transaction payload size check Make the size check of ioctl_send_request and ioctl_send_broadcast_request speed dependent. Also change the error return code from -EINVAL to -EIO to distinguish this from other errors concerning the ioctl parameters. Another payload size limit for which we don't check here though is the remote node's Bus_Info_Block.max_rec. Signed-off-by: Stefan Richter <stefanr@...6.in-berlin.de> --- drivers/firewire/fw-cdev.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Index: linux/drivers/firewire/fw-cdev.c =================================================================== --- linux.orig/drivers/firewire/fw-cdev.c +++ linux/drivers/firewire/fw-cdev.c @@ -525,9 +525,8 @@ static int init_request(struct client *c struct outbound_transaction_event *e; int ret; - /* What is the biggest size we'll accept, really? */ - if (request->length > 4096) - return -EINVAL; + if (request->length > 4096 || request->length > 512 << speed) + return -EIO; e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL); if (e == NULL) -- Stefan Richter -=====-==--= ---= --=-- http://arcgraph.de/sr/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists