Halaman utama Jelajahi Bantuan
Daftar Masuk
phyus
/
linux-vybrid_public
8
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Jelajahi Sumber

[S390] keyboard: integer underflow bug

The "ct" variable should be an unsigned int.  Both struct kbdiacrs
->kb_cnt and struct kbd_data ->accent_table_size are unsigned ints.

Making it signed causes a problem in KBDIACRUC because the user could
set the signed bit and cause a buffer overflow.

Cc: <stable@kernel.org>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Dan Carpenter 14 tahun lalu
induk
0c0db0355b
melakukan
b652277b09
1 mengubah file dengan 2 tambahan dan 1 penghapusan
Unified View Tampilkan Statistik Diff
  1. 2 1
      drivers/s390/char/keyboard.c

+ 2 - 1
drivers/s390/char/keyboard.c
Tampilan Berkas 

@@ -460,7 +460,8 @@ kbd_ioctl(struct kbd_data *kbd, struct file *file,
 
 	  unsigned int cmd, unsigned long arg)
 
 	  unsigned int cmd, unsigned long arg)
 
 {
 
 {
 
 	void __user *argp;
 
 	void __user *argp;
 
-	int ct, perm;
 
+	unsigned int ct;
 
+	int perm;
 
 
 
 	argp = (void __user *)arg;
 
 	argp = (void __user *)arg;