openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

staging/bcm: integer underflow leads to Oom 

We do:

        if (NOB > DEFAULT_BUFF_SIZE)
                BuffSize = DEFAULT_BUFF_SIZE;
        else
                BuffSize = NOB;

Since NOB can be negative it results in a larger than intended BuffSize
and makes kzalloc() fail.

The code is still a bit crap because it lets the users read as much as
they want from nvram, but I don't know what a sensible upper limit
should be.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Dan Carpenter 2014-02-17 22:57:31 +03:00 committed by Greg Kroah-Hartman
parent cfff3e5c8d
commit ee2104ea86
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/staging/bcm/Bcmchar.c
View File

@ -1894,7 +1894,7 @@ static int bcm_char_ioctl_nvm_raw_read(void __user *argp, struct bcm_mini_adapte
{
struct bcm_nvm_readwrite stNVMRead;
struct bcm_ioctl_buffer IoBuffer;
INT NOB;
unsigned int NOB;
INT BuffSize;
INT ReadOffset = 0;
UINT ReadBytes = 0;