lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <2794a7141faccd80f81938b7af781e83b7ff136b.1475144721.git.jslaby@suse.cz>
Date:   Thu, 29 Sep 2016 12:24:36 +0200
From:   Jiri Slaby <jslaby@...e.cz>
To:     stable@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, Alexander Shiyan <shc_work@...l.ru>,
        Michael Krufky <mkrufky@...uxtv.org>,
        Mauro Carvalho Chehab <m.chehab@...sung.com>,
        Willy Tarreau <w@....eu>, Jiri Slaby <jslaby@...e.cz>
Subject: [PATCH 3.12 040/119] stb6100: fix buffer length check in stb6100_write_reg_range()

From: Alexander Shiyan <shc_work@...l.ru>

3.12-stable review patch.  If anyone has any objections, please let me know.

===============

commit 7e6bd12fb77b0067df13fb3ba3fadbdff2945396 upstream.

We are checking sizeof() the wrong variable!

Signed-off-by: Alexander Shiyan <shc_work@...l.ru>
Signed-off-by: Michael Krufky <mkrufky@...uxtv.org>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@...sung.com>
Cc: Willy Tarreau <w@....eu>
Signed-off-by: Jiri Slaby <jslaby@...e.cz>
---
 drivers/media/dvb-frontends/stb6100.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/dvb-frontends/stb6100.c b/drivers/media/dvb-frontends/stb6100.c
index cea175d19890..4ef8a5c7003e 100644
--- a/drivers/media/dvb-frontends/stb6100.c
+++ b/drivers/media/dvb-frontends/stb6100.c
@@ -193,7 +193,7 @@ static int stb6100_write_reg_range(struct stb6100_state *state, u8 buf[], int st
 		.len	= len + 1
 	};
 
-	if (1 + len > sizeof(buf)) {
+	if (1 + len > sizeof(cmdbuf)) {
 		printk(KERN_WARNING
 		       "%s: i2c wr: len=%d is too big!\n",
 		       KBUILD_MODNAME, len);
-- 
2.10.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ