q3k/linux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux/drivers
History
Stefan Richter e300839da4 firewire: core: add_descriptor size check 
Presently, firewire-core only checks whether descriptors that are to be
added by userspace drivers to the local node's config ROM do not exceed
a size of 256 quadlets.  However, the sum of the bare minimum ROM plus
all descriptors (from firewire-core, from firewire-net, from userspace)
must not exceed 256 quadlets.

Otherwise, the bounds of a statically allocated buffer will be
overwritten.  If the kernel survives that, firewire-core will
subsequently be unable to parse the local node's config ROM.

(Note, userspace drivers can add descriptors only through device files
of local nodes.  These are usually only accessible by root, unlike
device files of remote nodes which may be accessible to lesser
privileged users.)

Therefore add a test which takes the actual present and required ROM
size into account for all descriptors of kernelspace and userspace
drivers.

Cc: stable@kernel.org
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-01-26 20:54:50 +01:00
..
accessibility
acpi Merge branch 'bugzilla-14954' into release 2010-01-20 01:26:22 -05:00
amba
ata libata: retry FS IOs even if it has failed with AC_ERR_INVALID 2010-01-20 14:25:11 -05:00
atm
auxdisplay
base Revert "sysdev: fix prototype for memory_sysdev_class show/store functions" 2010-01-20 15:02:13 -08:00
block drbd: Allow online resizing of DRBD devices while peer not reachable (needs to be explicitly forced) 2010-01-12 10:02:46 +01:00
bluetooth Bluetooth: Prevent ill-timed autosuspend in USB driver 2009-12-17 12:12:49 -08:00
cdrom
char tty: fix race in tty_fasync 2010-01-20 15:03:31 -08:00
clocksource
connector
cpufreq
cpuidle drivers/cpuidle/governors/menu.c: fix undefined reference to `__udivdi3' 2010-01-11 09:34:07 -08:00
crypto
dca
dio
dma Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2009-12-30 13:46:29 -08:00
edac edac: i5000_edac critical fix panic out of bounds 2010-01-16 12:15:38 -08:00
eisa
firewire firewire: core: add_descriptor size check 2010-01-26 20:54:50 +01:00
firmware
gpio gpio: adp5588-gpio: new driver for ADP5588 GPIO expanders 2010-01-11 09:34:07 -08:00
gpu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel 2010-01-16 10:44:38 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2010-01-13 16:10:13 -08:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-01-11 09:45:55 -08:00
i2c i2c: Do not use device name after device_unregister 2010-01-16 20:43:13 +01:00
ide
idle cpumask: convert drivers/idle/i7300_idle.c to cpumask_var_t 2009-12-17 11:43:25 +10:30
ieee1394 firewire, ieee1394: update Kconfig help 2009-12-29 19:58:17 +01:00
ieee802154
infiniband Merge branches 'misc' and 'mlx4' into for-next 2010-01-06 13:16:47 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-01-15 14:51:57 -08:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-01-12 20:53:29 -08:00
leds leds: leds-pwm: Set led_classdev max_brightness 2009-12-17 11:42:34 +00:00
lguest lguest: fix bug in setting guest GDT entry 2010-01-04 12:33:33 -08:00
macintosh powerpc/macintosh: Make Open Firmware device id constant 2010-01-15 13:26:04 +11:00
mca
md DM: Fix device mapper topology stacking 2010-01-11 14:29:20 +01:00
media Merge branch 'mantis' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-01-18 14:07:07 -08:00
memstick
message i2o: propogate the BKL down into the ioctl method 2010-01-04 12:31:21 -08:00
mfd mfd: Unlock mc13783 before subsystems initialisation, at probe time. 2010-01-18 12:30:28 +01:00
misc Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2009-12-17 16:38:48 -08:00
mmc mfd: tmio_mmc hardware abstraction for CNF area 2010-01-18 12:30:27 +01:00
mtd Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2009-12-17 16:38:06 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-01-14 08:36:15 -08:00
nubus
of
oprofile
parisc
parport
pci PCIe AER: prevent AER injection if hardware masks error reporting 2010-01-04 15:52:49 -08:00
pcmcia Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2009-12-30 13:13:24 -08:00
platform Merge branch 'misc' into release 2010-01-20 01:23:27 -05:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2009-12-16 12:33:19 -08:00
power pmu_battery: Fix battery full reporting 2009-12-18 03:51:29 +03:00
pps
ps3
rapidio
regulator regulator: wm831x_reg_read() failure unnoticed in wm831x_aldo_get_mode() 2009-12-17 10:27:30 +00:00
rtc rtc_cmos: convert shutdown to new pnp_driver->shutdown 2010-01-11 09:34:07 -08:00
s390 [S390] tape_char: add missing compat_ptr conversion 2010-01-13 20:44:46 +01:00
sbus bbc_envctrl: Clean up properly if kthread_run() fails. 2010-01-04 15:31:10 -08:00
scsi [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable permissions 2010-01-12 21:12:36 -08:00
serial serial: serial_cs: oxsemi quirk breaks resume 2010-01-20 15:03:31 -08:00
sfi
sh
sn
spi Merge branch 'next-spi' of git://git.secretlab.ca/git/linux-2.6 2009-12-17 15:59:05 -08:00
ssb
staging Staging: hv: fix smp problems in the hyperv core code 2010-01-20 15:05:26 -08:00
tc
telephony
thermal Merge branch 'misc-2.6.33' into release 2009-12-16 14:22:32 -05:00
uio
usb USB: isp1362: fix build failure on ARM systems via irq_flags cleanup 2010-01-20 15:24:36 -08:00
uwb
video revert "drivers/video/s3c-fb.c: fix clock setting for Samsung SoC Framebuffer" 2010-01-16 12:15:40 -08:00
virtio virtio: fix section mismatch warnings 2010-01-16 12:15:39 -08:00
vlynq
w1
watchdog [WATCHDOG] iTCO_wdt: Add Intel Cougar Point and PCH DeviceIDs 2010-01-18 21:39:49 +00:00
xen xen: fix hang on suspend. 2010-01-13 10:01:35 +00:00
zorro
Kconfig firewire, ieee1394: update Kconfig help 2009-12-29 19:58:17 +01:00
Makefile