iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Denis Efremov 9b04609b78 floppy: fix invalid pointer dereference in drive_name 
This fixes the invalid pointer dereference in the drive_name function of
the floppy driver.

The native_format field of the struct floppy_drive_params is used as
floppy_type array index in the drive_name function.  Thus, the field
should be checked the same way as the autodetect field.

To trigger the bug, one could use a value out of range and set the drive
parameters with the FDSETDRVPRM ioctl.  Next, FDGETDRVTYP ioctl should
be used to call the drive_name.  A floppy disk is not required to be
inserted.

CAP_SYS_ADMIN is required to call FDSETDRVPRM.

The patch adds the check for a value of the native_format field to be in
the '0 <= x < ARRAY_SIZE(floppy_type)' range of the floppy_type array
indices.

The bug was found by syzkaller.

Signed-off-by: Denis Efremov <efremov@ispras.ru>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-17 14:45:50 -07:00
..
accessibility
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 70
2019-05-24 17:36:47 +02:00
acpi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
amba
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
android
binder: fix possible UAF when freeing buffer
2019-06-13 10:35:55 +02:00
ata
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
atm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
auxdisplay
auxdisplay/ht16k33.c: Convert to use vm_map_pages_zero()
2019-06-20 15:06:24 +02:00
base
drivers/base/devres: introduce devm_release_action()
2019-06-13 17:34:56 -10:00
bcma
block
floppy: fix invalid pointer dereference in drive_name
2019-07-17 14:45:50 -07:00
bluetooth
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
bus
SPDX update for 5.2-rc6
2019-06-21 09:58:42 -07:00
cdrom
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1
2019-05-21 11:28:39 +02:00
char
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505
2019-06-19 17:11:22 +02:00
clk
A handful of clk driver fixes and one core framework fix
2019-06-28 08:50:09 +08:00
clocksource
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
connector
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
counter
Second set of IIO fixes for the 5.2 cycle.
2019-06-17 22:28:29 +02:00
cpufreq
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
cpuidle
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
crypto
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
dax
mm/devm_memremap_pages: fix final page put race
2019-06-13 17:34:56 -10:00
dca
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 33
2019-05-24 17:27:11 +02:00
devfreq
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
dio
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
dma
dmaengine fixes for v5.2
2019-07-06 10:06:37 -07:00
dma-buf
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234
2019-06-19 17:09:07 +02:00
edac
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
eisa
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 210
2019-05-30 11:29:53 -07:00
extcon
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
firewire
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
firmware
Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-06-29 19:32:09 +08:00
fmc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 60
2019-05-24 17:36:45 +02:00
fpga
SPDX update for 5.2-rc4
2019-06-08 12:52:42 -07:00
fsi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 469
2019-06-19 17:09:11 +02:00
gnss
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
gpio
gpio/spi: Fix spi-gpio regression on active high CS
2019-07-02 22:31:37 +02:00
gpu
drm/imx: fix stale vblank timestamp after a modeset
2019-07-05 14:51:03 +10:00
hid
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
2019-06-28 08:39:18 +08:00
hsi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336
2019-06-05 17:37:07 +02:00
hv
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320
2019-06-05 17:37:05 +02:00
hwmon
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
hwspinlock
hwtracing
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
i2c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
i3c
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
ide
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
idle
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335
2019-06-05 17:37:06 +02:00
iio
Staging/IIO/Counter fixes for 5.2-rc6
2019-06-21 10:20:19 -07:00
infiniband
RDMA/efa: Handle mmap insertions overflow
2019-06-18 16:27:24 -04:00
input
SPDX update for 5.2-rc6
2019-06-21 09:58:42 -07:00
interconnect
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
iommu
IOMMU Fix for v5.2-rc5:
2019-06-22 14:08:47 -07:00
ipack
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
irqchip
Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-06-29 19:36:53 +08:00
isdn
SPDX update for 5.2-rc3, round 1
2019-05-31 08:34:32 -07:00
leds
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
lightnvm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 410
2019-06-05 17:37:14 +02:00
macintosh
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 247
2019-06-19 17:09:08 +02:00
mailbox
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
mcb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
md
- Fix incorrect uses of kstrndup and DM logging macros in DM's early
2019-06-28 08:48:21 +08:00
media
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
memory
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
memstick
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
message
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
mfd
- Bug Fixes
2019-06-25 03:41:03 +08:00
misc
Char/Misc driver fixes for 5.2-rc6
2019-06-21 10:18:16 -07:00
mmc
SPDX update for 5.2-rc6
2019-06-21 09:58:42 -07:00
mtd
mtd: rawnand: sunxi: Add A23/A33 DMA support with extra MBUS configuration
2019-07-05 22:30:58 +02:00
mux
net
ipv6: constify rt6_nexthop()
2019-06-26 13:26:08 -07:00
nfc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 417
2019-06-05 17:37:15 +02:00
ntb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
nubus
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
nvdimm
mm/devm_memremap_pages: fix final page put race
2019-06-13 17:34:56 -10:00
nvme
Merge branch 'nvme-5.2-rc-next' of git://git.infradead.org/nvme into for-linus
2019-06-07 14:04:28 -06:00
nvmem
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
of
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
opp
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
oprofile
parisc
SPDX update for 5.2-rc4
2019-06-08 12:52:42 -07:00
parport
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
pci
PCI: PM: Avoid skipping bus-level PM on platforms without ACPI
2019-06-26 23:51:56 +02:00
pcmcia
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
perf
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
phy
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
pinctrl
Pin control fixes for the v5.2 cycle:
2019-06-29 16:51:10 +08:00
platform
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
pnp
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 150
2019-05-30 11:25:19 -07:00
power
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
powercap
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 309
2019-06-05 17:37:04 +02:00
pps
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61
2019-05-24 17:36:45 +02:00
ps3
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167
2019-05-30 11:26:39 -07:00
ptp
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167
2019-05-30 11:26:39 -07:00
pwm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
rapidio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
ras
RAS/CEC: Convert the timer callback to a workqueue
2019-06-07 23:21:39 +02:00
regulator
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
remoteproc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
reset
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
rpmsg
rtc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
s390
vfio-ccw: Destroy kmem cache region on module exit
2019-06-13 15:52:28 +02:00
sbus
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61
2019-05-24 17:36:45 +02:00
scsi
SCSI fixes on 20190628
2019-06-29 16:59:45 +08:00
sfi
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
sh
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
siox
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
slimbus
sn
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
soc
This set of patches fixes regressions introduced in v5.2 kernel when DA8xx
2019-07-02 15:13:20 -07:00
soundwire
soundwire fixes for v5.2-rc4
2019-06-10 18:07:39 +02:00
spi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
spmi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284
2019-06-05 17:36:37 +02:00
ssb
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
staging
Merge branch 'erofs_fix' into staging-linus
2019-06-17 22:59:28 +02:00
target
SCSI fixes on 20190705
2019-07-06 09:56:20 -07:00
tc
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
tee
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
2019-06-05 17:36:37 +02:00
thermal
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
thunderbolt
thunderbolt: Implement CIO reset correctly for Titan Ridge
2019-06-14 14:25:43 +03:00
tty
vt/fbcon: deinitialize resources in visual_init() after failed memory allocation
2019-05-24 17:08:18 +02:00
uio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
usb
usb: fixes for v5.2-rc5
2019-06-20 11:56:35 +02:00
uwb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234
2019-06-19 17:09:07 +02:00
vfio
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
vhost
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 482
2019-06-19 17:09:52 +02:00
video
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
virt
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
virtio
virtio: Fix indentation of VIRTIO_MMIO
2019-05-27 11:08:22 -04:00
visorbus
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
vlynq
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102
2019-05-24 17:39:00 +02:00
vme
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
w1
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
watchdog
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
xen
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
zorro
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig
Makefile