| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111127112539.GB21128@mwanda>
Date: Sun, 27 Nov 2011 14:25:39 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Greg KH <greg@...ah.com>
Cc: Xi Wang <xi.wang@...il.com>,
"devel@...verdev.osuosl.org" <devel@...verdev.osuosl.org>,
Mori Hess <fmhess@...rs.sourceforge.net>,
"security@...nel.org" <security@...nel.org>,
Lars-Peter Clausen <lars@...afoo.de>,
Ian Abbott <ian.abbott@....co.uk>,
Lucas De Marchi <lucas.demarchi@...fusion.mobi>,
Greg Kroah-Hartman <gregkh@...e.de>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Ian Abbott <abbotti@....co.uk>,
Franky Lin <frankyl@...adcom.com>,
Greg Dietsche <gregory.dietsche@....edu>,
Mark Pearson <markpearson_de@...oo.de>
Subject: Re: [PATCH v3] comedi: integer overflow in do_insnlist_ioctl()
On Sat, Nov 26, 2011 at 06:52:52PM -0800, Greg KH wrote:
> On Fri, Nov 25, 2011 at 04:46:51PM -0500, Xi Wang wrote:
> > There is a potential integer overflow in do_insnlist_ioctl() if
> > userspace passes in a large insnlist.n_insns. The call to kmalloc()
> > would allocate a small buffer, leading to a memory corruption.
> >
> > The bug was reported by Dan Carpenter <dan.carpenter@...cle.com>
> > and Haogang Chen <haogangchen@...il.com>. The patch was suggested by
> > Ian Abbott <abbotti@....co.uk> and Lars-Peter Clausen <lars@...afoo.de>.
> >
> > Signed-off-by: Xi Wang <xi.wang@...il.com>
>
> Hm, I already applied Dan's previous patch, what should I do with this
> one now? Revert Dan's and apply this one, or apply both of them, or
> something else?
Sorry for that, I should have replied to my patch when I learned that
it had a problem.
Please, revert mine and apply Xi Wang's.
regards,
dan carpenter
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists