4c41aa24ba
If the server is malicious then *bytes_read could be larger than the size of the "target" buffer. It would lead to memory corruption when we do the memcpy(). Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <silvio.cesare@gmail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
---|---|---|
.. | ||
dir.c | ||
file.c | ||
getopt.c | ||
getopt.h | ||
inode.c | ||
ioctl.c | ||
Kconfig | ||
Makefile | ||
mmap.c | ||
ncp_fs_i.h | ||
ncp_fs_sb.h | ||
ncp_fs.h | ||
ncplib_kernel.c | ||
ncplib_kernel.h | ||
ncpsign_kernel.c | ||
ncpsign_kernel.h | ||
sock.c | ||
symlink.c | ||
TODO |