linux/drivers/char
Heikki Orsila 3fb0cb5d0f [PATCH] Open IPMI BT overflow
I was looking into random driver code and found a suspicious looking
memcpy() in drivers/char/ipmi/ipmi_bt_sm.c on 2.6.17-rc1:

	if ((size < 2) || (size > IPMI_MAX_MSG_LENGTH))
		return -1;
	...
	memcpy(bt->write_data + 3, data + 1, size - 1);

where sizeof bt->write_data is IPMI_MAX_MSG_LENGTH.  It looks like the
memcpy would overflow by 2 bytes if size == IPMI_MAX_MSG_LENGTH.  A patch
attached to limit size to (IPMI_MAX_LENGTH - 2).

Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-19 09:13:52 -07:00
..
agp [efficeon-agp] Add missing memory mask 2006-04-14 17:41:06 -07:00
drm drm: Fix further issues in drivers/char/drm/via_irq.c 2006-04-18 21:04:48 +10:00
ftape drivers/char/ftape/lowlevel/fdc-io.c: Correct a comment 2006-03-26 19:18:07 +02:00
ip2 Merge with git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2006-02-03 23:49:49 +01:00
ipmi [PATCH] Open IPMI BT overflow 2006-04-19 09:13:52 -07:00
mwave [PATCH] mwave: missing __user in ioctl struct declaration 2005-12-15 10:04:31 -08:00
pcmcia [PATCH] pcmcia: convert DEV_OK to pcmcia_dev_present 2006-03-31 17:26:57 +02:00
rio [PATCH] Yet more rio cleaning (2 of 2) 2006-03-24 07:33:29 -08:00
tpm [PATCH] tpm: sparc32 build fix 2006-03-25 08:22:55 -08:00
watchdog [WATCHDOG] at91_wdt.c - Atmel AT91RM9200 watchdog driver 2006-04-02 18:52:01 +02:00
.gitignore gitignore: misc files 2006-01-01 22:21:50 +01:00
amiserial.c [PATCH] kill _INLINE_ 2006-03-23 07:38:16 -08:00
applicom.c [PATCH] Wrong out of range check in drivers/char/applicom.c 2006-04-11 06:18:46 -07:00
applicom.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cd1865.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ChangeLog Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
consolemap.c [PATCH] kfree cleanup: drivers/char 2005-11-07 07:54:02 -08:00
cp437.uni Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cs5535_gpio.c [PATCH] i386: GPIO driver for AMD CS5535/CS5536 2006-01-10 08:01:24 -08:00
cyclades.c [PATCH] new tty buffering locking fix 2006-02-03 08:32:09 -08:00
decserial.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
defkeymap.c_shipped Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
defkeymap.map Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
digi1.h [PATCH] Clean up the old digi support and rescue it 2005-09-07 16:57:20 -07:00
digi.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
digiFep1.h [PATCH] Clean up the old digi support and rescue it 2005-09-07 16:57:20 -07:00
digiPCI.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ds1286.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ds1302.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ds1620.c [PATCH] char/ds1620: use msleep() instead of schedule_timeout() 2005-06-25 16:24:57 -07:00
dsp56k.c [PATCH] m68k: dsp56k __user annotations 2006-01-12 09:09:04 -08:00
dtlk.c [PATCH] Remove extraneous \n in doubletalk init printk. 2006-04-11 06:18:41 -07:00
ec3104_keyb.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
efirtc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
epca.c BUG_ON() Conversion in drivers/char 2006-03-26 18:17:21 +02:00
epca.h [PATCH] epca iomem annotations + several missing readw() 2005-09-16 10:38:10 -07:00
epcaconfig.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
esp.c [PATCH] Fix locking error in esp 2006-02-14 10:01:39 -08:00
generic_nvram.c [PATCH] powerpc: Kill _machine and hard-coded platform numbers 2006-03-28 23:15:54 +11:00
generic_serial.c [PATCH] sem2mutex: serial ->port_write_mutex 2006-03-23 07:38:14 -08:00
genrtc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
hangcheck-timer.c [PATCH] s390: hangcheck timer support 2006-02-01 08:53:24 -08:00
hpet.c [PATCH] HPET: handle multiple ACPI EXTENDED_IRQ resources 2006-02-14 16:09:34 -08:00
hvc_console.c [PATCH] powerpc: hvc_console updates 2006-03-28 16:45:26 +11:00
hvc_console.h [PATCH] powerpc: hvc_console updates 2006-03-28 16:45:26 +11:00
hvc_rtas.c [PATCH] powerpc: add hvc backend for rtas 2006-03-28 16:45:28 +11:00
hvc_vio.c [PATCH] powerpc: hvc_console updates 2006-03-28 16:45:26 +11:00
hvcs.c [PATCH] powerpc/pseries: Change H_StudlyCaps to H_SHOUTING_CAPS 2006-04-01 22:36:57 +11:00
hvsi.c [PATCH] drivers/char: Use ARRAY_SIZE macro 2006-01-10 08:01:56 -08:00
hw_random.c [PATCH] Add missing ifdef for VIA RNG code 2006-03-03 21:05:58 -05:00
i8k.c [PATCH] I8K: fix /proc reporting of blank service tags 2005-11-12 11:42:32 -08:00
ip27-rtc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
isicom.c [PATCH] char/isicom: More whitespaces and coding style 2006-01-10 08:02:01 -08:00
istallion.c [PATCH] drivers/char/[i]stallion: Clean up kmalloc usage 2006-03-31 12:18:56 -08:00
ite_gpio.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Kconfig [PATCH] RTC subsystem: VR41XX driver 2006-04-11 06:18:47 -07:00
keyboard.c Input: add support for Braille devices 2006-04-02 00:10:28 -05:00
lcd.c Resurrect Cobalt support for 2.6. 2005-10-29 19:30:42 +01:00
lcd.h Resurrect Cobalt support for 2.6. 2005-10-29 19:30:42 +01:00
lp.c [PATCH] Driver Core: fix up all callers of class_device_create() 2005-10-28 09:52:52 -07:00
Makefile [PATCH] RTC subsystem: VR41XX driver 2006-04-11 06:18:47 -07:00
mbcs.c [IA64] mbcs_init() should give up unless running on sn2 2005-10-04 09:39:18 -07:00
mbcs.h [PATCH] mbcs trivial user annotations 2005-05-04 07:33:13 -07:00
mem.c [PATCH] mark f_ops const in the inode 2006-03-28 09:16:05 -08:00
misc.c [PATCH] mark f_ops const in the inode 2006-03-28 09:16:05 -08:00
mmtimer.c [IA64] SGI SN drivers: don't report !sn2 hardware as an error 2006-03-07 15:27:59 -08:00
moxa.c [PATCH] moxa serial: add proper capability check 2006-01-10 09:45:36 -08:00
mxser.c [PATCH] Remove MODULE_PARM 2006-03-25 08:22:52 -08:00
mxser.h [PATCH] Typo fixes 2006-03-28 09:16:08 -08:00
n_hdlc.c [PATCH] n_hdlc.c: remove unused declaration 2006-01-10 08:02:00 -08:00
n_r3964.c [PATCH] TTY layer buffering revamp 2006-01-10 08:01:59 -08:00
n_tty.c [PATCH] sem2mutex: tty 2006-03-23 07:38:11 -08:00
nvram.c [PATCH] drivers/char: Use ARRAY_SIZE macro 2006-01-10 08:01:56 -08:00
nwbutton.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nwbutton.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nwflash.c [PATCH] sem2mutex: drivers/char/ 2006-03-23 07:38:11 -08:00
ppdev.c [PATCH] parport: move PP_MAJOR from ppdev.h to major.h 2006-03-25 08:22:53 -08:00
pty.c [PATCH] TTY layer buffering revamp 2006-01-10 08:01:59 -08:00
qtronix.c qtronix.c: Handle kmalloc failure. 2005-10-29 19:30:55 +01:00
qtronixmap.c_shipped Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
qtronixmap.map Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
random.c [IPV6]: Unexport secure_ipv6_port_ephemeral 2006-04-09 22:29:17 -07:00
raw.c [PATCH] sem2mutex: drivers: raw, connector, dcdbas, ppp_generic 2006-03-23 07:38:10 -08:00
riscom8_reg.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
riscom8.c [PATCH] Remove MODULE_PARM 2006-03-25 08:22:52 -08:00
riscom8.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
rocket_int.h [PATCH] drivers/char/rocket.c: cleanups 2005-06-25 16:25:04 -07:00
rocket.c [PATCH] Fix RocketPort driver 2006-02-03 08:31:59 -08:00
rocket.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
rtc.c [PATCH] Allow reading CMOS day of week register 2006-01-11 18:42:10 -08:00
s3c2410-rtc.c [PATCH] handle errors returned by platform_get_irq*() 2006-03-20 13:42:57 -08:00
scan_keyb.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
scan_keyb.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
scc.h [PATCH] m68k: static vs. extern in scc.h 2006-01-12 09:09:00 -08:00
scx200_gpio.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
selection.c [PATCH] TTY layer buffering revamp 2006-01-10 08:01:59 -08:00
ser_a2232.c [PATCH] sem2mutex: serial ->port_write_mutex 2006-03-23 07:38:14 -08:00
ser_a2232.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ser_a2232fw.ax Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ser_a2232fw.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
serial167.c [PATCH] remove unused tmp_buf_sem's 2006-01-14 10:41:42 -08:00
snsc_event.c [PATCH] snsc kmalloc2kzalloc 2006-03-23 07:38:15 -08:00
snsc.c [PATCH] snsc kmalloc2kzalloc 2006-03-23 07:38:15 -08:00
snsc.h [IA64-SGI] Handle SC env. powerdown events 2006-01-26 13:32:26 -08:00
sonypi.c [PATCH] sonypi: Enable ACPI events for Sony laptop hotkeys 2006-01-08 20:14:03 -08:00
specialix_io8.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
specialix.c [PATCH] remove unused tmp_buf_sem's 2006-01-14 10:41:42 -08:00
stallion.c [PATCH] drivers/char/[i]stallion: Clean up kmalloc usage 2006-03-31 12:18:56 -08:00
sx.c [PATCH] sem2mutex: serial ->port_write_mutex 2006-03-23 07:38:14 -08:00
sx.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sxboards.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sxwindow.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
synclink_gt.c [PATCH] synclink_gt: remove uneeded async code 2006-03-28 09:16:02 -08:00
synclink.c [PATCH] Typo fixes 2006-03-28 09:16:08 -08:00
synclinkmp.c [PATCH] s/;;/;/g 2006-03-24 07:33:24 -08:00
sysrq.c [PATCH] sysrq cleanup 2006-03-25 08:22:52 -08:00
tb0219.c [PATCH] tb0219: convert to the new platform device interface 2006-03-22 07:53:56 -08:00
tipar.c [PATCH] tipar fixes 2006-02-11 21:41:13 -08:00
tlclk.c [PATCH] MPBL0010 driver sysfs permissions wide open 2006-04-11 06:18:43 -07:00
toshiba.c [PATCH] remove ISA legacy functions: drivers/char/toshiba.c 2006-03-24 07:33:19 -08:00
tty_io.c [PATCH] Fix file lookup without ref 2006-04-19 09:13:51 -07:00
tty_ioctl.c [PATCH] coverity: tty_ldisc_ref return null check 2005-06-28 21:20:34 -07:00
vc_screen.c [PATCH] fix ia64 compile failure with gcc4.1 2005-12-29 10:19:21 -08:00
viocons.c [PATCH] powerpc: remove bitfields from HvLpEvent 2006-01-12 20:09:29 +11:00
viotape.c [PATCH] changing CONFIG_LOCALVERSION rebuilds too much, for no good reason 2005-11-09 07:55:57 -08:00
vme_scc.c [PATCH] sem2mutex: serial ->port_write_mutex 2006-03-23 07:38:14 -08:00
vr41xx_giu.c [PATCH] vr41xx: convert to the new platform device interface 2006-03-22 07:53:56 -08:00
vt_ioctl.c [PATCH] Only disallow _setting_ of function key string 2005-11-07 07:53:39 -08:00
vt.c [PATCH] vt: add TIOCL_GETKMSGREDIRECT 2006-03-31 12:18:56 -08:00