| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Dec 2020 21:13:51 -0500
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Zhang Qilong <zhangqilong3@...wei.com>,
Martijn Coenen <maco@...roid.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Sasha Levin <sashal@...nel.org>, devel@...verdev.osuosl.org
Subject: [PATCH AUTOSEL 5.10 062/217] binder: change error code from postive to negative in binder_transaction
From: Zhang Qilong <zhangqilong3@...wei.com>
[ Upstream commit 88f6c77927e4aee04e0193fd94e13a55753a72b0 ]
Depending on the context, the error return value
here (extra_buffers_size < added_size) should be
negative.
Acked-by: Martijn Coenen <maco@...roid.com>
Acked-by: Christian Brauner <christian.brauner@...ntu.com>
Signed-off-by: Zhang Qilong <zhangqilong3@...wei.com>
Link: https://lore.kernel.org/r/20201026110314.135481-1-zhangqilong3@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/android/binder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index b5117576792bc..8bbfb9124fa29 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3103,7 +3103,7 @@ static void binder_transaction(struct binder_proc *proc,
if (extra_buffers_size < added_size) {
/* integer overflow of extra_buffers_size */
return_error = BR_FAILED_REPLY;
- return_error_param = EINVAL;
+ return_error_param = -EINVAL;
return_error_line = __LINE__;
goto err_bad_extra_size;
}
--
2.27.0
Powered by blists - more mailing lists