| No no. Vasily patched cciss_ioctl32_big_passthru() and this patch
| changes cciss_ioctl32_passthru().
Oops, yeah, I missed the `big' part!
Thanks.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
--
To unsubscribe from this list: send the l
On Tue, Jun 04, 2013 at 04:09:10PM +0530, P J P wrote:
>Hello Dan,
> ===
> diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
> index 6374dc1..34971aa 100644
> --- a/drivers/block/cciss.c
> +++ b/drivers/block/cciss.c
> @@ -1201,6 +1201,7 @@ static int cciss_ioctl32_passthru(struct
> bl
Hello Dan,
===
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
index 6374dc1..34971aa 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
@@ -1201,6 +1201,7 @@ static int cciss_ioctl32_passthru(struct block_device
*bdev, fmode_t mode,
int err;
u32 cp;
+
The arg64 struct has a hole after ->buf_size which isn't cleared.
Or if any of the calls to copy_from_user() fail then that would
cause an information leak as well.
Signed-off-by: Dan Carpenter
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
index 6374dc1..34971aa 100644
--- a/drivers
4 matches
Mail list logo
