| commit | 80569f607b59fb59d0e7d86ae6467fefcab8e89b | |
| author | Stefan Richter <stefanr@s5r6.in-berlin.de> | |
| Fri, 29 Jan 2010 20:25:46 +0000 (29 21:25 +0100) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Tue, 9 Feb 2010 12:50:52 +0000 (9 04:50 -0800) | ||
| tree | ce7c8502b19e26941cc28fad879ec521e746461a | treesnapshot (tar.gz zip) |
| parent | 612e99b2d1ba8839896c6ea78d4329782d4e16b8 | commitdiff |
firewire: core: add_descriptor size check
Backport of commit e300839da40e99581581c5d053a95a172651fec8 upstream.
Presently, firewire-core only checks whether descriptors that are to be
added by userspace drivers to the local node's config ROM do not exceed
a size of 256 quadlets. However, the sum of the bare minimum ROM plus
all descriptors (from firewire-core, from firewire-net, from userspace)
must not exceed 256 quadlets.
Otherwise, the bounds of a statically allocated buffer will be
overwritten. If the kernel survives that, firewire-core will
subsequently be unable to parse the local node's config ROM.
(Note, userspace drivers can add descriptors only through device files
of local nodes. These are usually only accessible by root, unlike
device files of remote nodes which may be accessible to lesser
privileged users.)
Therefore add a test which takes the actual present and required ROM
size into account for all descriptors of kernelspace and userspace
drivers.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Backport of commit e300839da40e99581581c5d053a95a172651fec8 upstream.
Presently, firewire-core only checks whether descriptors that are to be
added by userspace drivers to the local node's config ROM do not exceed
a size of 256 quadlets. However, the sum of the bare minimum ROM plus
all descriptors (from firewire-core, from firewire-net, from userspace)
must not exceed 256 quadlets.
Otherwise, the bounds of a statically allocated buffer will be
overwritten. If the kernel survives that, firewire-core will
subsequently be unable to parse the local node's config ROM.
(Note, userspace drivers can add descriptors only through device files
of local nodes. These are usually only accessible by root, unlike
device files of remote nodes which may be accessible to lesser
privileged users.)
Therefore add a test which takes the actual present and required ROM
size into account for all descriptors of kernelspace and userspace
drivers.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| drivers/firewire/core-card.c | diffblobblamehistory |