From patchwork Mon Dec 12 11:31:53 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marek Lindner X-Patchwork-Id: 130724 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 9B5EA1007D1 for ; Mon, 12 Dec 2011 22:38:42 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752396Ab1LLLii (ORCPT ); Mon, 12 Dec 2011 06:38:38 -0500 Received: from nm25-vm3.bullet.mail.ukl.yahoo.com ([217.146.177.79]:25908 "HELO nm25-vm3.bullet.mail.ukl.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1751710Ab1LLLih (ORCPT ); Mon, 12 Dec 2011 06:38:37 -0500 X-Greylist: delayed 363 seconds by postgrey-1.27 at vger.kernel.org; Mon, 12 Dec 2011 06:38:36 EST Received: from [217.146.183.213] by nm25.bullet.mail.ukl.yahoo.com with NNFMP; 12 Dec 2011 11:33:03 -0000 Received: from [77.238.184.52] by tm6.bullet.mail.ukl.yahoo.com with NNFMP; 12 Dec 2011 11:33:03 -0000 Received: from [127.0.0.1] by smtp121.mail.ukl.yahoo.com with NNFMP; 12 Dec 2011 11:33:03 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.de; s=s1024; t=1323689583; bh=YA6XjnA0XVZKdAQeyy9E8gF1oneGWtjsr+sv6EZktbc=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:From:To:Cc:Subject:Date:Message-Id:X-Mailer:In-Reply-To:References; b=JLNHabOXkbuxc9j9VHnbeOW9mh2XaLj6I5dHYCO1YzZZ9nXsgsTTXUEU9IE/O4shcHhSsFEU6MxWY5E+4jRdSmqVjd6CYAXoCW9nNINh7Qy3++IRkUWtFzZ8lpj3j8MDnp1OHJGzn7Ec2Tq9KzFc6bPcyW3F2W2B3roTIWDGFII= X-Yahoo-Newman-Id: 663495.86667.bm@smtp121.mail.ukl.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: TonVJAsVM1k2TByjeIXwEnImLFsgMudEZ2qn5SWHqRYwdgv kCXdRbMs.EqHtdlvkibZ8t80S2ZKgCTtbm6US3NrDFYCYRkvHDdm81_6o_nw YlUfQy4.wItdp_iluW3p.GI8sj7Roa_GqJT0VV4reIoa.VpA.HXJ0xN1hLu3 lXv7neGBZkg.Iy_cAKtjfWIou_0rDKvFXT_etBdunp7Hpn8iXyXMmPRsXCZz pzoveaGzi6kEelQB6ohS30DdR3G5hhNvyMR9rdX_g.8LcH0RZmVy2EMS4Pe7 wwYFJVP2HgzV3wVynlyOTjFTAKzE6QHyjilP7dxByKHWAT9XE.0x5PChij.0 Tdd_8e4np6QSql7wI4eXNAFDTB8EIZZWJs51C6d2k2EhUFPUZ X-Yahoo-SMTP: tW.h3tiswBBMXO2coYcbPigGD5Lt6zY_.Zc- Received: from localhost (lindner_marek@210.177.7.38 with plain) by smtp121.mail.ukl.yahoo.com with SMTP; 12 Dec 2011 11:33:02 +0000 GMT From: Marek Lindner To: davem@davemloft.net Cc: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org, Paul Kot , Sven Eckelmann , Marek Lindner Subject: [PATCH 09/11] batman-adv: bat_socket_read missing checks Date: Mon, 12 Dec 2011 19:31:53 +0800 Message-Id: <1323689516-24427-10-git-send-email-lindner_marek@yahoo.de> X-Mailer: git-send-email 1.7.5.4 In-Reply-To: <1323689516-24427-1-git-send-email-lindner_marek@yahoo.de> References: <1323689516-24427-1-git-send-email-lindner_marek@yahoo.de> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Paul Kot Writing a icmp_packet_rr and then reading icmp_packet can lead to kernel memory corruption, if __user *buf is just below TASK_SIZE. Signed-off-by: Paul Kot [sven@narfation.org: made it checkpatch clean] Signed-off-by: Sven Eckelmann Signed-off-by: Marek Lindner --- net/batman-adv/icmp_socket.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/icmp_socket.c b/net/batman-adv/icmp_socket.c index defd692..88ab26f 100644 --- a/net/batman-adv/icmp_socket.c +++ b/net/batman-adv/icmp_socket.c @@ -136,8 +136,8 @@ static ssize_t bat_socket_read(struct file *file, char __user *buf, spin_unlock_bh(&socket_client->lock); - error = __copy_to_user(buf, &socket_packet->icmp_packet, - socket_packet->icmp_len); + error = copy_to_user(buf, &socket_packet->icmp_packet, + socket_packet->icmp_len); packet_len = socket_packet->icmp_len; kfree(socket_packet);