Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263173AbTIVOm5 (ORCPT ); Mon, 22 Sep 2003 10:42:57 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263175AbTIVOm5 (ORCPT ); Mon, 22 Sep 2003 10:42:57 -0400 Received: from ginger.cmf.nrl.navy.mil ([134.207.10.161]:53669 "EHLO ginger.cmf.nrl.navy.mil") by vger.kernel.org with ESMTP id S263173AbTIVOm4 (ORCPT ); Mon, 22 Sep 2003 10:42:56 -0400 Message-Id: <200309221442.h8MEfGkT005657@ginger.cmf.nrl.navy.mil> To: Felipe W Damasio cc: linux-atm-general@lists.sourceforge.net, linux-kernel@vger.kernel.org Subject: Re: [PATCH] Using possibly corrupted structure in atm/he.c In-Reply-To: Message from Felipe W Damasio of "Sun, 21 Sep 2003 01:25:22 -0300." <3F6D2832.8040609@terra.com.br> Date: Mon, 22 Sep 2003 10:41:18 -0400 From: chas williams X-Spam-Score: () hits=-6.8 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 754 Lines: 15 In message <3F6D2832.8040609@terra.com.br>,Felipe W Damasio writes: > If copy_from_user returns != 0, it means the the regs structure wasn't >filled correctly, and since its fields are used to determine which ioctl >the user is requesting the kernel could oops. > > And as long as we're covering the subject, the patch also audits >copy_to_user on the same function to check a possible failure to copy >the result back to userspace. indeed these are broken as written. i will get this sent up the chain. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/