iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/staging/vt6655
History
Xi Wang 2a58b19fd9 staging: vt6655: integer overflows in private_ioctl() 
There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem.  The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-30 19:29:40 +09:00
..
80211hdr.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
80211mgr.c
Staging: vt6655: replace TRUE with in kernel true
2010-08-02 18:17:12 -07:00
80211mgr.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
aes_ccmp.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
aes_ccmp.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
baseband.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
baseband.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
bssdb.c
staging: Remove unnecessary semicolons when if (foo) {...};
2011-04-25 16:58:34 -07:00
bssdb.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
card.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
card.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
channel.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
channel.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
country.h
datarate.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
datarate.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
desc.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
device_cfg.h
Staging: vt6655: replace FALSE with in kernel false
2010-08-02 18:17:38 -07:00
device_main.c
staging:vt6656: iwctl.c: Removed unneeded function
2011-11-30 19:25:50 +09:00
device.h
staging: vt6655: Fix warnings if CONFIG_PM is not defined
2011-05-06 09:27:34 -07:00
dpc.c
staging: vt6655: simplify MAC printing by using %pM
2011-08-23 14:36:17 -07:00
dpc.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
hostap.c
staging: vt6655: Remove NULL check before kfree
2011-03-14 11:57:37 -07:00
hostap.h
IEEE11h.c
staging: vt6655: Fixed all the indents and other errors in IEEE11h.c
2011-08-23 13:27:28 -07:00
IEEE11h.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
iocmd.h
Staging: vt665x: remove unused DEF definition
2010-09-16 13:02:36 -07:00
ioctl.c
staging: vt6655: integer overflows in private_ioctl()
2011-11-30 19:29:40 +09:00
ioctl.h
Staging: vt6655: remove DWORD typedef
2010-06-24 14:23:17 -07:00
iowpa.h
iwctl.c
staging:vt6656: iwctl.c: Removed unneeded function
2011-11-30 19:25:50 +09:00
iwctl.h
staging:vt6656: iwctl.c: Removed unneeded function
2011-11-30 19:25:50 +09:00
Kconfig
Staging: vt665?: prevent modules from being built into the kernel.
2011-04-04 21:33:26 -07:00
key.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
key.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
mac.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
mac.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
Makefile
Staging: vt6655: Makefile: cleaned up Makefile cflag lines
2010-10-05 11:56:38 -07:00
mib.c
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
mib.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
michael.c
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
michael.h
Staging: vt6655: remove DWORD typedef
2010-06-24 14:23:17 -07:00
power.c
staging: Remove unnecessary semicolons when if (foo) {...};
2011-04-25 16:58:34 -07:00
power.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
rc4.c
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
rc4.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
rf.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
rf.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
rxtx.c
staging: Remove unnecessary semicolons when if (foo) {...};
2011-04-25 16:58:34 -07:00
rxtx.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
srom.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
srom.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
tcrc.c
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
tcrc.h
Staging: vt6655: remove DWORD typedef
2010-06-24 14:23:17 -07:00
test
tether.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
tether.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
tkip.c
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
tkip.h
Staging: vt6655: remove WORD typedef
2010-06-24 14:23:17 -07:00
tmacro.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
TODO
Staging: vt6655: Add TODO entries on x86-64 pointers and .data size
2010-06-25 11:11:22 -07:00
ttype.h
Staging: vt6655: remove unused update_BssList definition
2010-09-20 17:01:24 -07:00
upc.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
vntconfiguration.dat
vntwifi.c
staging: vt6655: '&pointer[0]' to 'pointer' fix
2010-09-20 16:10:56 -07:00
vntwifi.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wcmd.c
staging: Remove unnecessary semicolons when if (foo) {...};
2011-04-25 16:58:34 -07:00
wcmd.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wctl.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wctl.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wmgr.c
staging: vt6655: simplify MAC printing by using %pM
2011-08-23 14:36:17 -07:00
wmgr.h
Fix common misspellings
2011-03-31 11:26:23 -03:00
wpa2.c
drivers/staging: Remove unnecessary semicolons
2010-11-16 12:06:47 -08:00
wpa2.h
Staging: vt6655: remove BYTE typedef
2010-06-24 14:23:18 -07:00
wpa.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wpa.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wpactl.c
Staging: vt6655: memory corruption in check in wpa_set_wpadev()
2011-10-19 13:42:48 -07:00
wpactl.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wroute.c
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00
wroute.h
Staging: vt6655: replace BOOL with in kernel bool
2010-08-02 18:17:57 -07:00