[S390] keyboard: integer underflow bug · b652277b09 - Gogs

Prechádzať zdrojové kódy

[S390] keyboard: integer underflow bug

The "ct" variable should be an unsigned int.  Both struct kbdiacrs
->kb_cnt and struct kbd_data ->accent_table_size are unsigned ints.

Making it signed causes a problem in KBDIACRUC because the user could
set the signed bit and cause a buffer overflow.

Cc: <stable@kernel.org>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

Dan Carpenter 14 rokov pred

rodič

0c0db0355b

commit

b652277b09

1 zmenil súbory, kde vykonal 2 pridanie a 1 odobranie

Rozdelené zobrazenie Ukázať štatistiku rozdielnych dát

						
							+ 2
							
							- 1
						
drivers/s390/char/keyboard.c
							 
								Zobraziť súbor
							
				@@ -460,7 +460,8 @@ kbd_ioctl(struct kbd_data *kbd, struct file *file,
			
				 	  unsigned int cmd, unsigned long arg)
			
				 {
			
				 	void __user *argp;
			
				-	int ct, perm;
			
				+	unsigned int ct;
			
				+	int perm;
			
				 	argp = (void __user *)arg;