| commit | 78cb3229c2447ee59c32b869a4003d253ad18ca5 | |
| author | Dan Carpenter <error27@gmail.com> | |
| Wed, 15 Dec 2010 12:00:07 +0000 (15 15:00 +0300) | ||
| committer | Dan Carpenter <error27@gmail.com> | |
| Wed, 15 Dec 2010 12:00:07 +0000 (15 15:00 +0300) | ||
| tree | 38f44ac916ef1cffc5c222466f814368b22d93ab | treesnapshot (tar.gz zip) |
| parent | f43a59a0045c456810613f9da1ce2ee5c66bbbd5 | commitdiff |
*new* check_access_ok_math: potential integer overflows
Sometimes there are security vulnerabilities introduced because people
do this:
if (access_ok(user_pointer, size * sizeof(int)))
__copy_to_user(buf, user_pointer, size);
But the problem is that size * sizeof(int) overflowed and the access_ok()
passed when it should have failed.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Sometimes there are security vulnerabilities introduced because people
do this:
if (access_ok(user_pointer, size * sizeof(int)))
__copy_to_user(buf, user_pointer, size);
But the problem is that size * sizeof(int) overflowed and the access_ok()
passed when it should have failed.
Signed-off-by: Dan Carpenter <error27@gmail.com>
| check_access_ok_math.c | [new file with mode: 0644] | blob |
| check_list.h | diffblobblamehistory |