iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/char
History
Dan Carpenter 0627cef361 ipmi: ssif_bmc: prevent integer overflow on 32bit systems 
There are actually two bugs here.  First, we need to ensure that count
is at least sizeof(u32) or msg.len will be uninitialized data.

The "msg.len" variable is a u32 that comes from the user.  On 32bit
systems the "sizeof_field(struct ipmi_ssif_msg, len) + msg.len"
addition can overflow if "msg.len" is greater than U32_MAX - 4.

Valid lengths for "msg.len" are 1-254.  Add a check for that to
prevent the integer overflow.

Fixes: dd2bc5cc9e25 ("ipmi: ssif_bmc: Add SSIF BMC driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Message-Id: <1431ca2e-4e9c-4520-bfc0-6879313c30e9@moroto.mountain>
Signed-off-by: Corey Minyard <corey@minyard.net>
2024-06-14 13:51:36 -05:00
..
agp
alpha: don't make functions public without a reason
2024-05-03 22:09:21 +02:00
hw_random
This push fixes a new run-time warning triggered by tpm.
2024-05-29 09:12:58 -07:00
ipmi
ipmi: ssif_bmc: prevent integer overflow on 32bit systems
2024-06-14 13:51:36 -05:00
mwave
char/mwave: Adjust io port register size
2021-12-03 14:27:06 +01:00
tpm
tpm: Switch to new Intel CPU model defines
2024-06-05 04:55:04 +03:00
xilinx_hwicap
char: xilinx_hwicap: Fix NULL vs IS_ERR() bug
2024-03-07 21:48:38 +00:00
xillybus
char: xillybus: Convert to platform remove callback returning void
2024-03-07 21:49:30 +00:00
adi.c
apm-emulation.c
apm-emulation: drop unexpected word "the" in the comments
2022-06-27 16:15:27 +02:00
applicom.c
applicom: Fix PCI device refcount leak in applicom_init()
2023-01-20 13:05:39 +01:00
applicom.h
bsr.c
char: Explicitly include correct DT includes
2023-07-30 18:15:27 +02:00
ds1620.c
dsp56k.c
dsp56k: make dsp56k_class a static const structure
2023-06-23 10:27:08 +02:00
dtlk.c
hangcheck-timer.c
hpet.c
hpet: remove hpets::hp_clocksource
2024-03-07 21:48:00 +00:00
Kconfig
arch: Remove Itanium (IA-64) architecture
2023-09-11 08:13:17 +00:00
lp.c
char: lp: make lp_class a static const structure
2023-06-23 10:27:11 +02:00
Makefile
arch: Remove Itanium (IA-64) architecture
2023-09-11 08:13:17 +00:00
mem.c
Char/Misc and other driver subsystem changes for 6.10-rc1
2024-05-22 12:26:46 -07:00
misc.c
char: misc: make misc_class a static const structure
2023-06-23 10:27:15 +02:00
nsc_gpio.c
nvram.c
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
nwbutton.c
nwbutton.h
misc: cleanup minor number definitions in c file into miscdevice.h
2020-03-18 12:27:03 +01:00
nwflash.c
misc: move FLASH_MINOR into miscdevice.h and fix conflicts
2020-03-18 12:27:04 +01:00
pc8736x_gpio.c
powernv-op-panel.c
powerpc/powernv: Convert to platform remove callback returning void
2024-04-11 15:26:59 +02:00
ppdev.c
ppdev: Add an error check in register_device
2024-05-04 18:59:38 +02:00
ps3flash.c
powerpc/ps3: make system bus's remove and shutdown callbacks return void
2020-12-04 01:01:22 +11:00
random.c
random: handle creditable entropy from atomic process context
2024-04-17 13:53:18 +02:00
scx200_gpio.c
sonypi.c
sonypi: Convert to platform remove callback returning void
2024-04-11 15:27:02 +02:00
tlclk.c
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
2020-04-23 16:55:24 +02:00
toshiba.c
module: remove never implemented MODULE_SUPPORTED_DEVICE
2021-03-17 13:16:18 -07:00
ttyprintk.c
tty: ttyprintk: convert to u8 and size_t
2023-12-08 12:02:38 +01:00
uv_mmtimer.c
virtio_console.c
virtio_console: drop owner assignment
2024-05-22 08:31:16 -04:00