From 585dcf941862452a588b459845f99ca72a09727b Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 15 Apr 2013 11:02:03 +0300 Subject: [PATCH] user_data: using a user supplied offset into an known array give safe data The situation here is: x = trusted_kernel_array[untrusted_user_offset]; At the end then x is trusted kernel data. Signed-off-by: Dan Carpenter --- check_user_data.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/check_user_data.c b/check_user_data.c index 283868ab..b5e3b86a 100644 --- a/check_user_data.c +++ b/check_user_data.c @@ -156,6 +156,8 @@ int is_user_data(struct expression *expr) if (expr->type == EXPR_BINOP) { if (is_user_data(expr->left)) return 1; + if (is_array(expr)) + return 0; if (is_user_data(expr->right)) return 1; return 0; -- 2.11.4.GIT