On Tue, Dec 25, 2018 at 9:37 PM Kangjie Lu wrote:
>
> buf->length is first copied in from user space and security-checked. The
> second copy issued by copy_from_user copies it again. The data in user
> space may have been modified by malicious users.
So, we already did a check and copied not
buf->length is first copied in from user space and security-checked. The
second copy issued by copy_from_user copies it again. The data in user
space may have been modified by malicious users. filter_callback()
further uses the potentially modified data. The fix avoids the
double-fetch that