Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1217710imm; Fri, 11 May 2018 12:52:16 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrNhvLj69x+8FPf/qyapJ5MJzro2nQm/V0r+ET6zmkQZI8Ozn2JZXPGLtdH8RjsBqqOtMFH X-Received: by 2002:a62:3a1c:: with SMTP id h28-v6mr125391pfa.209.1526068336573; Fri, 11 May 2018 12:52:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526068336; cv=none; d=google.com; s=arc-20160816; b=ZH1Mk26SkOj8bkcJO+UsbXLc3ZmZiuigZv5TXiFkmk+JOMtDg5lMyQlO+FaMWmc51A +TtvsJ8H7U0eOvE9DXDkSP9yg90AWCgAEchghY3nDCV3MZG6j1x3NBpGzqBHUy5zzOjo 0pb+sbb+u5hNROe4T7J05SaBns/y6o7ekd55XUAzguHheAN78gmv84L8UtdM1UO118XZ EAUgHyR8pWj44db9Bj3tuSkBmNEXyRrQyQ2DZGz5g+IFF2l2zXRbSoLZ5RQVMEj8kV0G zjWZUUk+Z2ogkqdwL0ElolO/pQy0EMnxKa14y9cnZ9jRq5jfdzkYgLTWf43MOqUR/3IB fhXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date :arc-authentication-results; bh=yq0VIOvHfjdkn+K+4VvOsppvuf31c2/N/AznO1x9+U8=; b=lknB5AhGNhq3LPqnJ397Lwhxg4BapQnD4Zw2wAGtLzAnLHD2jal4wKrQBG55ZiRSRA 8YzYISdt0Gt6Q14vmMUefzd2mlQI1MBU7FGTgI1UJMSa+lQ8jvdd3EinZG0LZ2R77wAR Xdle5uXctqUuIOedhYMCjK72h0BJsFBeX8CJFlrn65XyjVpzcO9sqja4YJGl2sh7tAUX eb3X3pkx6qtLI/F23IKHcz2pCY2XU7uYyhk4OgRoz+XgTNLg1ZpBdxe6ozL5o/s9zpGg UtsfNYIphi0N2vxfsMgbM8q6dIwY0Nhf13aCBa6i+HJzMpNyYg+NZWgyzy4rkTTFr33u 4i6A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k70-v6si3110531pgd.22.2018.05.11.12.52.01; Fri, 11 May 2018 12:52:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751406AbeEKTvr (ORCPT + 99 others); Fri, 11 May 2018 15:51:47 -0400 Received: from shards.monkeyblade.net ([184.105.139.130]:50020 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750980AbeEKTvq (ORCPT ); Fri, 11 May 2018 15:51:46 -0400 Received: from localhost (pool-173-77-163-54.nycmny.fios.verizon.net [173.77.163.54]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id C060E136A4AB7; Fri, 11 May 2018 12:51:45 -0700 (PDT) Date: Fri, 11 May 2018 15:50:46 -0400 (EDT) Message-Id: <20180511.155046.122041869811590666.davem@davemloft.net> To: wang6495@umn.edu Cc: kjlu@umn.edu, mac@melware.de, isdn@linux-pingi.de, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] isdn: eicon: fix a missing-check bug From: David Miller In-Reply-To: <1525548766-13017-1-git-send-email-wang6495@umn.edu> References: <1525548766-13017-1-git-send-email-wang6495@umn.edu> X-Mailer: Mew version 6.7 on Emacs 25.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Fri, 11 May 2018 12:51:46 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wenwen Wang Date: Sat, 5 May 2018 14:32:46 -0500 > To avoid such issues, this patch adds a check after the second copy in the > function diva_xdi_write(). If the adapter number is not equal to the one > obtained in the first copy, (-4) will be returned to divas_write(), which > will then return an error code -EINVAL. Better fix is to copy the msg header once into an on-stack buffer supplied by diva_write() to diva_xdi_open_adapter(), which is then passed on to diva_xdi_write() with an adjusted src pointer and length.