Message-ID: <3EB118F9.9030003@web.de>
Date: Thu, 01 May 2003 14:54:17 +0200
From: Michael Hunold <hunold-ml@web.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.3b) Gecko/20030312
MIME-Version: 1.0
To: Junfeng Yang <yjf@stanford.edu>
CC: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, mc@stanford.edu
Subject: Re: [CHECKER] 5 potential user-pointer errors that allow arbitrary
 reads from kernel
References: <Pine.GSO.4.44.0304302131150.22117-100000@elaine24.Stanford.EDU>
In-Reply-To: <Pine.GSO.4.44.0304302131150.22117-100000@elaine24.Stanford.EDU>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 881
Lines: 26

Hello Junfeng,

> This is a resend (the previous report was ignored, however I feel that
> these bugs could be severe).

> Please confirm or clarify. Thanks!

> [BUG] proc_dir_entry.write_proc can take tainted inputs.
> av7110_ir_write_proc is assigned to proc_dir_entry.write_proc
> 
> /home/junfeng/linux-2.5.63/drivers/media/dvb/av7110/av7110_ir.c:116:av7110_ir_write_proc:
> ERROR:TAINTED:116:116: passing tainted ptr 'buffer' to __constant_memcpy
> [Callstack:
> /home/junfeng/linux-2.5.63/net/core/pktgen.c:991:av7110_ir_write_proc((tainted
> 1))]

Confirmed. I'll post a patch when I'm back at work again on Monday.

CU
Michael.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/