staging: ncpfs: memory corruption in ncp_read_kernel() - kernel

diff options

author	Dan Carpenter <[email protected]>	2018-03-19 11:07:45 +0000
committer	Greg Kroah-Hartman <[email protected]>	2018-03-19 15:31:39 +0000
commit	4c41aa24baa4ed338241d05494f2c595c885af8f (patch)
tree	66e40138eae73dd94f4da1d9c2081992599c132e /drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
parent	Merge tag 'iio-fixes-for-4.16b' of git://git.kernel.org/pub/scm/linux/kernel/... (diff)
download	kernel-4c41aa24baa4ed338241d05494f2c595c885af8f.tar.gz kernel-4c41aa24baa4ed338241d05494f2c595c885af8f.zip

staging: ncpfs: memory corruption in ncp_read_kernel()

If the server is malicious then *bytes_read could be larger than the size of the "target" buffer. It would lead to memory corruption when we do the memcpy(). Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <[email protected]> Signed-off-by: Dan Carpenter <[email protected]> Cc: stable <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_object.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: