, leading to a memory
leak bug. To fix this issue, free 'dev->partial_data' before returning the
error.
Signed-off-by: Wenwen Wang
---
drivers/net/usb/cx82310_eth.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/cx82310_eth.c b/drivers/net/u
this execution path, leading to a memory
leak bug.
Signed-off-by: Wenwen Wang
---
drivers/net/usb/usbnet.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 72514c4..f17fafa 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/
to an invalid number.
This way, the user can bypass the verification process of the adapter
number and inject inconsistent data.
This patch reuses the data copied in
diva_xdi_open_adapter() and passes it to diva_xdi_write(). This way, the
above issues can be avoided.
Signed-off-by: Wenwen Wang
---
dri
On Sun, May 20, 2018 at 5:37 PM, David Miller wrote:
> From: Wenwen Wang
> Date: Fri, 18 May 2018 16:33:47 -0500
>
>> In divasmain.c, the function divas_write() firstly invokes the function
>> diva_xdi_open_adapter() to open the adapter that matches with the adapter
>
to an invalid number.
This way, the user can bypass the verification process of the adapter
number and inject inconsistent data.
This patch reuses the data copied in
diva_xdi_open_adapter() and passes it to diva_xdi_write(). This way, the
above issues can be avoided.
Signed-off-by: Wenwen Wang
---
d
Thanks for your suggestion, David! I will revise the patch and resubmit it.
Wenwen
On Fri, May 11, 2018 at 2:50 PM, David Miller wrote:
> From: Wenwen Wang
> Date: Sat, 5 May 2018 14:32:46 -0500
>
>> To avoid such issues, this patch adds a check after the second copy in
Hello
Could you please review this patch? We need a confirmation because we
are working on an approaching deadline.
Thanks!
Wenwen
On Sat, May 5, 2018 at 2:32 PM, Wenwen Wang wrote:
> In divasmain.c, the function divas_write() firstly invokes the function
> diva_xdi_open_adapter() to op
to an invalid number.
This way, the user can bypass the verification process of the adapter
number and inject inconsistent data.
To avoid such issues, this patch adds a check after the second copy in the
function diva_xdi_write(). If the adapter number is not equal to the one
obtained in the first copy, (-4
igned-off-by: Wenwen Wang
---
net/sched/cls_rsvp.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
index 4f12976..7ced8fc 100644
--- a/net/sched/cls_rsvp.h
+++ b/net/sched/cls_rsvp.h
@@ -590,6 +590,9 @@ static int rsvp_change(struct net *net, st
On Thu, May 3, 2018 at 8:39 AM, Marcelo Ricardo Leitner
wrote:
> On Thu, May 03, 2018 at 08:31:28AM -0500, Wenwen Wang wrote:
>> On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner
>> wrote:
>> > On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote:
>>
On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner
wrote:
> On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote:
>> On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner
>> wrote:
>> > On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote:
>>
On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner
wrote:
> On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote:
>> On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner
>> wrote:
>> > On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote:
>>
On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner
wrote:
> On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote:
>> In sctp_setsockopt_maxseg(), the integer 'val' is compared against min_len
>> and max_len to check whether it is in the appropriate range.
the expected range. If it is not, an error code -EINVAL will be returned.
Signed-off-by: Wenwen Wang
---
net/sctp/socket.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 80835ac..03e1cc3 100644
--- a/n
Hi Marcelo,
I guess I worked on an old version of the kernel. I will re-submit the
patch. Sorry :(
Wenwen
On Wed, May 2, 2018 at 6:23 PM, Marcelo Ricardo Leitner
wrote:
> Hi Wenwen,
>
> On Wed, May 02, 2018 at 05:12:45PM -0500, Wenwen Wang wrote:
>> In sctp_setsockopt_maxseg
the expected range. If it is not, an error code -EINVAL will be returned.
Signed-off-by: Wenwen Wang
---
net/sctp/socket.c | 21 ++---
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 80835ac..2beb601 100644
--- a/n
ication to
l->backlog[imp].len (if imp is TIPC_SYSTEM_IMPORTANCE) to avoid such
security issues. An error code will be returned if an unexpected value of
l->backlog[imp].len is generated.
Signed-off-by: Wenwen Wang
---
net/tipc/link.c | 5 +
1 file changed, 5 insertions(+)
diff --git a
tually
copied to user-space. This inconsistent data may also cause undefined
behaviors based on how ops->get_rxnfc() is implemented.
This patch simply re-verifies the flow_type field of "info" after the
second copy. If the value is not as expected, an error code will be
returne
tually
copied to user-space. This inconsistent data may also cause undefined
behaviors based on how ops->get_rxnfc() is implemented.
This patch re-verifies the flow_type field of "info" after the second copy.
If the value is not as expected, an error code will be returned.
Signed-
19 matches
Mail list logo
