[PATCH] virt: vbox: fix a missing-check bug

y between the data obtained in the two copies. In case an inconsistency is detected, an error code -EINVAL will be returned. Signed-off-by: Wenwen Wang --- drivers/virt/vboxguest/vboxguest_linux.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/virt/

[PATCH] scsi: sg: fix a missing-check bug

in the first copy and only copies the remaining part of the command from userspace. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/scsi/sg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index c198b963..0ad8106

[PATCH] scsi: sg: fix a missing-check bug

in the first copy and only copies the remaining part of the command from userspace. Signed-off-by: Wenwen Wang --- drivers/scsi/sg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index c198b963..0ad8106 100644 --- a/drivers/scsi/sg.c +++ b

[PATCH] isdn: eicon: fix a missing-check bug

inconsistent data. To avoid such issues, this patch adds a check after the second copy in the function diva_xdi_write(). If the adapter number is not equal to the one obtained in the first copy, (-4) will be returned to divas_write(), which will then return an error code -EINVAL. Signed-off-by: Wenwen Wang

[PATCH] isdn: eicon: fix a missing-check bug

inconsistent data. To avoid such issues, this patch adds a check after the second copy in the function diva_xdi_write(). If the adapter number is not equal to the one obtained in the first copy, (-4) will be returned to divas_write(), which will then return an error code -EINVAL. Signed-off-by: Wenwen Wang

[PATCH] crypto: chtls - fix a missing-check bug

as to ensure these checks will not be bypassed. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/crypto/chelsio/chtls/chtls_main.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_

[PATCH] crypto: chtls - fix a missing-check bug

as to ensure these checks will not be bypassed. Signed-off-by: Wenwen Wang --- drivers/crypto/chelsio/chtls/chtls_main.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c index 007c45c

[PATCH] ALSA: control: fix a redundant-copy issue

and a malicious userspace process can race to change the 'type' field between the two copies to cause inconsistent data. Depending on how the data is used in the future, such an inconsistency may cause potential security risks. For above reasons, we should take out the second copy. Signed-off-by: Wenwen

[PATCH] ALSA: control: fix a redundant-copy issue

and a malicious userspace process can race to change the 'type' field between the two copies to cause inconsistent data. Depending on how the data is used in the future, such an inconsistency may cause potential security risks. For above reasons, we should take out the second copy. Signed-off-by: Wenwen

[PATCH v2 2/2] i2c: core-smbus: fix a potential missing-check bug

transferred messages 'status' is not equal to 'num'. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/i2c/i2c-core-smbus.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c index 7d7700f..e7a2d2f 100644 --- a/drivers/i

[PATCH v2 2/2] i2c: core-smbus: fix a potential missing-check bug

transferred messages 'status' is not equal to 'num'. Signed-off-by: Wenwen Wang --- drivers/i2c/i2c-core-smbus.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c index 7d7700f..e7a2d2f 100644 --- a/drivers/i2c/i2c-core-smbus.c +++ b

[PATCH v2 1/2] i2c: core-smbus: fix a potential uninitialization bug

error message. This patch initializes the first byte of msgbuf1 with 0 to avoid such undefined behaviors or security issues. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/i2c/i2c-core-smbus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/

[PATCH v2 1/2] i2c: core-smbus: fix a potential uninitialization bug

error message. This patch initializes the first byte of msgbuf1 with 0 to avoid such undefined behaviors or security issues. Signed-off-by: Wenwen Wang --- drivers/i2c/i2c-core-smbus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Sat, May 5, 2018 at 5:28 AM, Peter Rosin <p...@axentia.se> wrote: > On 2018-05-05 03:43, Wenwen Wang wrote: >> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1, >> which are used to save a series of messages, as mentioned in the comment. >

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Sat, May 5, 2018 at 5:28 AM, Peter Rosin wrote: > On 2018-05-05 03:43, Wenwen Wang wrote: >> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1, >> which are used to save a series of messages, as mentioned in the comment. >> According to the value

[PATCH] scsi: mpt3sas: fix a missing-check bug

the 'ioc_number' copied after the second copy to make sure it is not changed since the first copy. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 5 + 1 file changed, 5 insertions(+) diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/m

[PATCH] scsi: mpt3sas: fix a missing-check bug

the 'ioc_number' copied after the second copy to make sure it is not changed since the first copy. Signed-off-by: Wenwen Wang --- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 5 + 1 file changed, 5 insertions(+) diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c index

[PATCH] HID: uhid: fix a missing-check bug

(). If 'type' is modified by user, there could be some issues such as uninitialized uses. To fix this problem, we need to recheck the type after the second fetch to make sure it is not UHID_CREATE. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/hid/uhid.c | 10 -- 1 file chan

[PATCH] HID: uhid: fix a missing-check bug

(). If 'type' is modified by user, there could be some issues such as uninitialized uses. To fix this problem, we need to recheck the type after the second fetch to make sure it is not UHID_CREATE. Signed-off-by: Wenwen Wang --- drivers/hid/uhid.c | 10 -- 1 file changed, 8 insertions(+), 2

[PATCH] i2c: core-smbus: fix a potential uninitialization bug

demonstrated in the error message. This patch checks the return value of i2c_transfer() and also initializes the first byte of msgbuf1 with 0 to avoid undefined behaviors or security issues. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/i2c/i2c-core-smbus.c | 3 +++ 1 file chan

[PATCH] i2c: core-smbus: fix a potential uninitialization bug

demonstrated in the error message. This patch checks the return value of i2c_transfer() and also initializes the first byte of msgbuf1 with 0 to avoid undefined behaviors or security issues. Signed-off-by: Wenwen Wang --- drivers/i2c/i2c-core-smbus.c | 3 +++ 1 file changed, 3 insertions(+) diff --

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 10:38 AM, Peter Rosin <p...@axentia.se> wrote: > On 2018-05-04 16:59, Wenwen Wang wrote: >> On Fri, May 4, 2018 at 2:27 AM, Peter Rosin <p...@axentia.se> wrote: >>> On 2018-05-04 09:17, Wenwen Wang wrote: >>>> On Fri, May 4, 201

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 10:38 AM, Peter Rosin wrote: > On 2018-05-04 16:59, Wenwen Wang wrote: >> On Fri, May 4, 2018 at 2:27 AM, Peter Rosin wrote: >>> On 2018-05-04 09:17, Wenwen Wang wrote: >>>> On Fri, May 4, 2018 at 1:49 AM, Peter Rosin wrote: >>>&g

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 2:27 AM, Peter Rosin <p...@axentia.se> wrote: > On 2018-05-04 09:17, Wenwen Wang wrote: >> On Fri, May 4, 2018 at 1:49 AM, Peter Rosin <p...@axentia.se> wrote: >>> On 2018-05-04 07:28, Wenwen Wang wrote: >>>> On Fri, May 4, 2018

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 2:27 AM, Peter Rosin wrote: > On 2018-05-04 09:17, Wenwen Wang wrote: >> On Fri, May 4, 2018 at 1:49 AM, Peter Rosin wrote: >>> On 2018-05-04 07:28, Wenwen Wang wrote: >>>> On Fri, May 4, 2018 at 12:04 AM, Peter Rosin wrote: >>>&g

Re: [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

On Fri, May 4, 2018 at 5:08 AM, Dilger, Andreas <andreas.dil...@intel.com> wrote: > On May 3, 2018, at 22:19, Wenwen Wang <wang6...@umn.edu> wrote: >> >> On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter <dan.carpen...@oracle.com> >> wrote: >>> On Mo

Re: [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

On Fri, May 4, 2018 at 5:08 AM, Dilger, Andreas wrote: > On May 3, 2018, at 22:19, Wenwen Wang wrote: >> >> On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter >> wrote: >>> On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote: >>>> However, given th

[PATCH] media: staging: atomisp: fix a potential missing-check bug

such as null pointer dereference. This patch saves the pointer returned by the first invocation and removes the second invocation. If the returned pointer is not NULL, the memory content is copied according to the original code. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/staging

[PATCH] media: staging: atomisp: fix a potential missing-check bug

such as null pointer dereference. This patch saves the pointer returned by the first invocation and removes the second invocation. If the returned pointer is not NULL, the memory content is copied according to the original code. Signed-off-by: Wenwen Wang --- drivers/staging/media/atomisp/pci

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 1:49 AM, Peter Rosin <p...@axentia.se> wrote: > On 2018-05-04 07:28, Wenwen Wang wrote: >> On Fri, May 4, 2018 at 12:04 AM, Peter Rosin <p...@axentia.se> wrote: >>> On 2018-05-04 06:08, Wenwen Wang wrote: >>>> On Thu, May 3, 201

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 1:49 AM, Peter Rosin wrote: > On 2018-05-04 07:28, Wenwen Wang wrote: >> On Fri, May 4, 2018 at 12:04 AM, Peter Rosin wrote: >>> On 2018-05-04 06:08, Wenwen Wang wrote: >>>> On Thu, May 3, 2018 at 3:34 PM, Peter Rosin wrote: >>>&g

[PATCH] net: sched: cls: fix a potential missing-check bug

Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- net/sched/cls_rsvp.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h index 4f12976..7ced8fc 100644 --- a/net/sched/cls_rsvp.h +++ b/net/sched/cls_rsvp.h @@ -590,6 +590,9 @@ static int rsvp_chan

[PATCH] net: sched: cls: fix a potential missing-check bug

Signed-off-by: Wenwen Wang --- net/sched/cls_rsvp.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h index 4f12976..7ced8fc 100644 --- a/net/sched/cls_rsvp.h +++ b/net/sched/cls_rsvp.h @@ -590,6 +590,9 @@ static int rsvp_change(struct net *net, st

Re: [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

On Fri, May 4, 2018 at 12:27 AM, Dan Carpenter wrote: > There is no security problem here. The user is allowed to choose either > v1 or v3. Using a double read race condition to choose v1 is not > going to cause problems. It's slightly more complicated than just >

Re: [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

On Fri, May 4, 2018 at 12:27 AM, Dan Carpenter wrote: > There is no security problem here. The user is allowed to choose either > v1 or v3. Using a double read race condition to choose v1 is not > going to cause problems. It's slightly more complicated than just > choosing it directly but that

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 12:04 AM, Peter Rosin <p...@axentia.se> wrote: > On 2018-05-04 06:08, Wenwen Wang wrote: >> On Thu, May 3, 2018 at 3:34 PM, Peter Rosin <p...@axentia.se> wrote: >>> On 2018-05-03 00:36, Wenwen Wang wrote: >>>> In i2c_smbus_xfer_

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Fri, May 4, 2018 at 12:04 AM, Peter Rosin wrote: > On 2018-05-04 06:08, Wenwen Wang wrote: >> On Thu, May 3, 2018 at 3:34 PM, Peter Rosin wrote: >>> On 2018-05-03 00:36, Wenwen Wang wrote: >>>> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 an

Re: [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter <dan.carpen...@oracle.com> wrote: > On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote: >> However, given that the user data resides in the user space, a malicious >> user-space process can race to change the data b

Re: [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter wrote: > On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote: >> However, given that the user data resides in the user space, a malicious >> user-space process can race to change the data between the two copies. By >> d

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Thu, May 3, 2018 at 3:34 PM, Peter Rosin <p...@axentia.se> wrote: > On 2018-05-03 00:36, Wenwen Wang wrote: >> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1, >> which are used to save a series of messages, as mentioned in the comment. >

Re: [PATCH] i2c: core-smbus: fix a potential uninitialization bug

On Thu, May 3, 2018 at 3:34 PM, Peter Rosin wrote: > On 2018-05-03 00:36, Wenwen Wang wrote: >> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1, >> which are used to save a series of messages, as mentioned in the comment. >> According to the value

Re: [PATCH] sctp: fix a potential missing-check bug

On Thu, May 3, 2018 at 8:39 AM, Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> wrote: > On Thu, May 03, 2018 at 08:31:28AM -0500, Wenwen Wang wrote: >> On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner >> <marcelo.leit...@gmail.com> wrote: >> > On T

Re: [PATCH] sctp: fix a potential missing-check bug

On Thu, May 3, 2018 at 8:39 AM, Marcelo Ricardo Leitner wrote: > On Thu, May 03, 2018 at 08:31:28AM -0500, Wenwen Wang wrote: >> On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner >> wrote: >> > On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote: >>

Re: [PATCH] sctp: fix a potential missing-check bug

On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> wrote: > On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote: >> On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner >> <marcelo.leit...@gmail.com> wrote: >> > On W

Re: [PATCH] sctp: fix a potential missing-check bug

On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner wrote: > On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote: >> On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner >> wrote: >> > On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote: >>

Re: [PATCH] sctp: fix a potential missing-check bug

On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> wrote: > On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote: >> On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner >> <marcelo.leit...@gmail.com> wrote: >> > On W

Re: [PATCH] sctp: fix a potential missing-check bug

On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner wrote: > On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote: >> On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner >> wrote: >> > On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote: >>

Re: [PATCH] sctp: fix a potential missing-check bug

On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> wrote: > On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote: >> In sctp_setsockopt_maxseg(), the integer 'val' is compared against min_len >> and max_len to check whether it is in

Re: [PATCH] sctp: fix a potential missing-check bug

On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner wrote: > On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote: >> In sctp_setsockopt_maxseg(), the integer 'val' is compared against min_len >> and max_len to check whether it is in the appropriate range. If it is n

[PATCH] sctp: fix a potential missing-check bug

ned. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- net/sctp/socket.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 80835ac..03e1cc3 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3212,

[PATCH] sctp: fix a potential missing-check bug

ned. Signed-off-by: Wenwen Wang --- net/sctp/socket.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 80835ac..03e1cc3 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3212,6 +3212,7 @@ static

Re: [PATCH] sctp: fix a potential missing-check bug

Hi Marcelo, I guess I worked on an old version of the kernel. I will re-submit the patch. Sorry :( Wenwen On Wed, May 2, 2018 at 6:23 PM, Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> wrote: > Hi Wenwen, > > On Wed, May 02, 2018 at 05:12:45PM -0500, We

Re: [PATCH] sctp: fix a potential missing-check bug

Hi Marcelo, I guess I worked on an old version of the kernel. I will re-submit the patch. Sorry :( Wenwen On Wed, May 2, 2018 at 6:23 PM, Marcelo Ricardo Leitner wrote: > Hi Wenwen, > > On Wed, May 02, 2018 at 05:12:45PM -0500, Wenwen Wang wrote: >> In sctp_setsockopt_maxseg

[PATCH] media: staging: atomisp: fix a potential missing-check bug

such as null pointer dereference. This patch saves the pointer returned by the first invocation and removes the second invocation. If the returned pointer is not NULL, the memory content is copied according to the original code. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/staging

[PATCH] media: staging: atomisp: fix a potential missing-check bug

such as null pointer dereference. This patch saves the pointer returned by the first invocation and removes the second invocation. If the returned pointer is not NULL, the memory content is copied according to the original code. Signed-off-by: Wenwen Wang --- drivers/staging/media/atomisp/pci

[PATCH] i2c: core-smbus: fix a potential uninitialization bug

er msgbuf1 with 0 to avoid undefined behaviors or security issues. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/i2c/i2c-core-smbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c index b5aec33..0fcc

[PATCH] i2c: core-smbus: fix a potential uninitialization bug

er msgbuf1 with 0 to avoid undefined behaviors or security issues. Signed-off-by: Wenwen Wang --- drivers/i2c/i2c-core-smbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c index b5aec33..0fcca75 100644 --- a/drivers/

[PATCH] sctp: fix a potential missing-check bug

ned. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- net/sctp/socket.c | 21 ++--- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 80835ac..2beb601 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3212,

[PATCH] sctp: fix a potential missing-check bug

ned. Signed-off-by: Wenwen Wang --- net/sctp/socket.c | 21 ++--- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 80835ac..2beb601 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3212,6 +3212,7 @@ static

[PATCH] tipc: fix a potential missing-check bug

ication to l->backlog[imp].len (if imp is TIPC_SYSTEM_IMPORTANCE) to avoid such security issues. An error code will be returned if an unexpected value of l->backlog[imp].len is generated. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- net/tipc/link.c | 5 + 1 file changed, 5

[PATCH] tipc: fix a potential missing-check bug

ication to l->backlog[imp].len (if imp is TIPC_SYSTEM_IMPORTANCE) to avoid such security issues. An error code will be returned if an unexpected value of l->backlog[imp].len is generated. Signed-off-by: Wenwen Wang --- net/tipc/link.c | 5 + 1 file changed, 5 insertions(+) diff -

[PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

., LOV_USER_MAGIC_V3, an error code will be returned: -EINVAL. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/staging/lustre/lustre/llite/dir.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c

[PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

., LOV_USER_MAGIC_V3, an error code will be returned: -EINVAL. Signed-off-by: Wenwen Wang --- drivers/staging/lustre/lustre/llite/dir.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c index d10d272..80d44ca

Re: [PATCH] staging: luster: llite: fix a potential missing-check bug when copying lumv

On Mon, Apr 30, 2018 at 5:38 PM, Dilger, Andreas <andreas.dil...@intel.com> wrote: > On Apr 29, 2018, at 07:20, Greg Kroah-Hartman <gre...@linuxfoundation.org> > wrote: >> >> On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote: >>> On Apr

Re: [PATCH] staging: luster: llite: fix a potential missing-check bug when copying lumv

On Mon, Apr 30, 2018 at 5:38 PM, Dilger, Andreas wrote: > On Apr 29, 2018, at 07:20, Greg Kroah-Hartman > wrote: >> >> On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote: >>> On Apr 27, 2018, at 17:45, Wenwen Wang wrote: >>>> [PATCH] stagin

[PATCH v2] ethtool: fix a potential missing-check bug

tually copied to user-space. This inconsistent data may also cause undefined behaviors based on how ops->get_rxnfc() is implemented. This patch simply re-verifies the flow_type field of "info" after the second copy. If the value is not as expected, an error code will be returned.

[PATCH v2] ethtool: fix a potential missing-check bug

tually copied to user-space. This inconsistent data may also cause undefined behaviors based on how ops->get_rxnfc() is implemented. This patch simply re-verifies the flow_type field of "info" after the second copy. If the value is not as expected, an error code will be returne

[PATCH] i2c: core-smbus: fix a potential uninitialization bug

er msgbuf1 with 0 to avoid undefined behaviors or security issues. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/i2c/i2c-core-smbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c index b5aec33..0fcc

[PATCH] i2c: core-smbus: fix a potential uninitialization bug

er msgbuf1 with 0 to avoid undefined behaviors or security issues. Signed-off-by: Wenwen Wang --- drivers/i2c/i2c-core-smbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c index b5aec33..0fcca75 100644 --- a/drivers/

[PATCH] ethtool: fix a potential missing-check bug

tually copied to user-space. This inconsistent data may also cause undefined behaviors based on how ops->get_rxnfc() is implemented. This patch re-verifies the flow_type field of "info" after the second copy. If the value is not as expected, an error code will be returned. Signed-off

[PATCH] ethtool: fix a potential missing-check bug

tually copied to user-space. This inconsistent data may also cause undefined behaviors based on how ops->get_rxnfc() is implemented. This patch re-verifies the flow_type field of "info" after the second copy. If the value is not as expected, an error code will be returned. Signed-

Re: [PATCH] staging: luster: llite: fix a potential missing-check bug when copying lumv

On Sun, Apr 29, 2018 at 8:20 AM, Greg Kroah-Hartman <gre...@linuxfoundation.org> wrote: > On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote: >> On Apr 27, 2018, at 17:45, Wenwen Wang <wang6...@umn.edu> wrote: >> > [PATCH] staging: luster: llite: fix po

Re: [PATCH] staging: luster: llite: fix a potential missing-check bug when copying lumv

On Sun, Apr 29, 2018 at 8:20 AM, Greg Kroah-Hartman wrote: > On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote: >> On Apr 27, 2018, at 17:45, Wenwen Wang wrote: >> > [PATCH] staging: luster: llite: fix potential missing-check bug when >> > copying lumv &

[PATCH] media: staging: atomisp: fix a potential missing-check bug

such as null pointer dereference. This patch saves the pointer returned by the first invocation and removes the second invocation. If the returned pointer is not NULL, the memory content is copied according to the original code. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/staging

[PATCH] media: staging: atomisp: fix a potential missing-check bug

such as null pointer dereference. This patch saves the pointer returned by the first invocation and removes the second invocation. If the returned pointer is not NULL, the memory content is copied according to the original code. Signed-off-by: Wenwen Wang --- drivers/staging/media/atomisp/pci

[PATCH] staging: luster: llite: fix a potential missing-check bug when copying lumv

., LOV_USER_MAGIC_V3, an error code will be returned: -EINVAL. Signed-off-by: Wenwen Wang <wang6...@umn.edu> --- drivers/staging/lustre/lustre/llite/dir.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c

[PATCH] staging: luster: llite: fix a potential missing-check bug when copying lumv

., LOV_USER_MAGIC_V3, an error code will be returned: -EINVAL. Signed-off-by: Wenwen Wang --- drivers/staging/lustre/lustre/llite/dir.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c index d10d272..80d44ca

<    1   2   3