Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Staging: bcm: copying more data than intended

This was changed to bcm_flash2x_cs_info instead of bcm_flash_cs_info
when we got rid of the typedefs.  bcm_flash2x_cs_info is quite a bit
larger than bcm_flash_cs_info (436 bytes instead of 96) so it would
corrupt user memory and it's an info leak.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dan Carpenter 12 years ago
parent
b3d07cf5a1
commit
cb9cc9cae9
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      drivers/staging/bcm/Bcmchar.c

+ 1 - 1
drivers/staging/bcm/Bcmchar.c
View File 

@@ -1792,7 +1792,7 @@ cntrlEnd:
 
 			if (IoBuffer.OutputLength < sizeof(struct bcm_flash_cs_info))
 
 				return -EINVAL;
 
 
-			if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(struct bcm_flash2x_cs_info)))
 
+			if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(struct bcm_flash_cs_info)))
 
 				return -EFAULT;
 
 		}
 
 	}