linux/drivers/staging/vt6655
Xi Wang 2a58b19fd9 staging: vt6655: integer overflows in private_ioctl()
There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem.  The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-30 19:29:40 +09:00
..
80211hdr.h
80211mgr.c
80211mgr.h
aes_ccmp.c
aes_ccmp.h
baseband.c
baseband.h
bssdb.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
bssdb.h
card.c Fix common misspellings 2011-03-31 11:26:23 -03:00
card.h
channel.c
channel.h
country.h
datarate.c
datarate.h
desc.h
device.h staging: vt6655: Fix warnings if CONFIG_PM is not defined 2011-05-06 09:27:34 -07:00
device_cfg.h
device_main.c staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
dpc.c staging: vt6655: simplify MAC printing by using %pM 2011-08-23 14:36:17 -07:00
dpc.h
hostap.c staging: vt6655: Remove NULL check before kfree 2011-03-14 11:57:37 -07:00
hostap.h
IEEE11h.c staging: vt6655: Fixed all the indents and other errors in IEEE11h.c 2011-08-23 13:27:28 -07:00
IEEE11h.h
iocmd.h Staging: vt665x: remove unused DEF definition 2010-09-16 13:02:36 -07:00
ioctl.c staging: vt6655: integer overflows in private_ioctl() 2011-11-30 19:29:40 +09:00
ioctl.h
iowpa.h
iwctl.c staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
iwctl.h staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
Kconfig Staging: vt665?: prevent modules from being built into the kernel. 2011-04-04 21:33:26 -07:00
key.c
key.h
mac.c
mac.h
Makefile Staging: vt6655: Makefile: cleaned up Makefile cflag lines 2010-10-05 11:56:38 -07:00
mib.c
mib.h
michael.c
michael.h
power.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
power.h
rc4.c
rc4.h
rf.c
rf.h
rxtx.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
rxtx.h
srom.c
srom.h
tcrc.c
tcrc.h
test
tether.c
tether.h
tkip.c
tkip.h
tmacro.h
TODO
ttype.h Staging: vt6655: remove unused update_BssList definition 2010-09-20 17:01:24 -07:00
upc.h
vntconfiguration.dat
vntwifi.c staging: vt6655: '&pointer[0]' to 'pointer' fix 2010-09-20 16:10:56 -07:00
vntwifi.h
wcmd.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
wcmd.h
wctl.c
wctl.h
wmgr.c staging: vt6655: simplify MAC printing by using %pM 2011-08-23 14:36:17 -07:00
wmgr.h Fix common misspellings 2011-03-31 11:26:23 -03:00
wpa.c
wpa.h
wpa2.c drivers/staging: Remove unnecessary semicolons 2010-11-16 12:06:47 -08:00
wpa2.h
wpactl.c Staging: vt6655: memory corruption in check in wpa_set_wpadev() 2011-10-19 13:42:48 -07:00
wpactl.h
wroute.c
wroute.h