linux/drivers/net/hamradio
Alan Cox ad9798967d 6pack: fix buffer length mishandling
Dmitry Vyukov wrote:
> different runs). Looking at code, the following looks suspicious -- we
> limit copy by 512 bytes, but use the original count which can be
> larger than 512:
>
> static void sixpack_receive_buf(struct tty_struct *tty,
>     const unsigned char *cp, char *fp, int count)
> {
>     unsigned char buf[512];
>     ....
>     memcpy(buf, cp, count < sizeof(buf) ? count : sizeof(buf));
>     ....
>     sixpack_decode(sp, buf, count1);

With the sane tty locking we now have I believe the following is safe as
we consume the bytes and move them into the decoded buffer before
returning.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-20 22:51:30 -04:00
..
6pack.c 6pack: fix buffer length mishandling 2016-09-20 22:51:30 -04:00
baycom_epp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-05-17 16:26:30 -07:00
baycom_par.c hamradio: baycom: fix old-style declaration 2016-06-16 22:06:30 -07:00
baycom_ser_fdx.c
baycom_ser_hdx.c
bpqether.c hamradio: use IS_ENABLED() instead of checking for built-in or module 2016-09-12 20:27:59 -07:00
dmascc.c
hdlcdrv.c
Kconfig
Makefile
mkiss.c treewide: replace dev->trans_start update with helper 2016-05-04 14:16:49 -04:00
scc.c treewide: replace dev->trans_start update with helper 2016-05-04 14:16:49 -04:00
yam.c treewide: replace dev->trans_start update with helper 2016-05-04 14:16:49 -04:00
z8530.h