mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-22 20:23:57 +08:00
096cdc6f52
We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure
that those values have not changed between the two copy_from_user()
calls. Otherwise it could lead to a buffer overflow.
Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value.
We should use the new smaller value so we don't copy too much data to
the user.
Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Fixes:
|
||
---|---|---|
.. | ||
chromeos_laptop.c | ||
chromeos_pstore.c | ||
cros_ec_dev.c | ||
cros_ec_dev.h | ||
cros_ec_lightbar.c | ||
cros_ec_lpc.c | ||
cros_ec_proto.c | ||
cros_ec_sysfs.c | ||
cros_ec_vbc.c | ||
cros_kbd_led_backlight.c | ||
Kconfig | ||
Makefile |