Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v3.4.34 2012-04-10T16:17:34+00:00 2012-04-10T16:17:34+00:00 Dan Carpenter dan.carpenter@oracle.com 2012-03-29T06:43:54+00:00 urn:sha1:4ca5218e3939685c2325fc0a0a1ac8150272c93f We need to check the we don't copy too much memory. This comes from a copy_from_user() in the ioctl. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-02-24T20:05:37+00:00 Masanari Iida standby24x7@gmail.com 2012-02-20T14:31:31+00:00 urn:sha1:3e495b2104f782ae36830ea875bfe1a12aa7b2f1 Correct spelling "scaning" to "scanning" in drivers/staging/vt6656/bssdb.c drivers/staging/vt6655/bssdb.c Signed-off-by: Masanari Iida <standby24x7@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-02-09T17:19:21+00:00 mahendra singh meena mahendra.devel@gmail.com 2012-01-16T18:20:38+00:00 urn:sha1:08afcf9c9f5b9372e26f3f29313f45528fafc15c This patch fixes up unnecessary brace warnings found in ioctl.c by checkpatch.pl . Signed-off-by: Mahendra Singh Meena <mahendra.devel@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2011-11-30T10:29:40+00:00 Xi Wang xi.wang@gmail.com 2011-11-30T02:52:46+00:00 urn:sha1:2a58b19fd97c7368c03c027419a2aeb26313adad There are two potential integer overflows in private_ioctl() if userspace passes in a large sList.uItem / sNodeList.uItem. The subsequent call to kmalloc() would allocate a small buffer, leading to a memory corruption. Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2011-11-30T10:25:50+00:00 Marcos Paulo de Souza marcos.mage@gmail.com 2011-11-28T19:16:37+00:00 urn:sha1:428c1fb50ec57587eb9d7e48439059cbfeb9330a Removed the function iwctl_giwnwid, that just return a error code. Changes v1 to v2: Removed same functions of vt6655 and vt6656. Signed-off-by: Marcos Paulo de Souza <marcos.mage@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2011-10-26T13:39:02+00:00 Linus Torvalds torvalds@linux-foundation.org 2011-10-26T13:39:02+00:00 urn:sha1:aa77677e0a288e08073620db5d2a31df83ca4788 * 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (1519 commits) staging: et131x: Remove redundant check and return statement staging: et131x: Mainly whitespace changes to appease checkpatch staging: et131x: Remove last of the forward declarations staging: et131x: Remove even more forward declarations staging: et131x: Remove yet more forward declarations staging: et131x: Remove more forward declarations staging: et131x: Remove forward declaration of et131x_adapter_setup staging: et131x: Remove some forward declarations staging: et131x: Remove unused rx_ring.recv_packet_pool staging: et131x: Remove call to find pci pm capability staging: et131x: Remove redundant et131x_reset_recv() call staging: et131x: Remove unused rx_ring.recv_buffer_pool Staging: bcm: Fix three initialization errors in InterfaceDld.c Staging: bcm: Fix coding style issues in InterfaceDld.c staging:iio:dac: Add AD5360 driver staging:iio:trigger:bfin-timer: Fix compile error Staging: vt6655: add some range checks before memcpy() Staging: vt6655: whitespace fixes to iotcl.c Staging: vt6656: add some range checks before memcpy() Staging: vt6656: whitespace cleanups in ioctl.c ... Fix up conflicts in: - drivers/{Kconfig,Makefile}, drivers/staging/{Kconfig,Makefile}: vg driver movement - drivers/staging/brcm80211/brcmfmac/{dhd_linux.c,mac80211_if.c}: driver removal vs now stale changes - drivers/staging/rtl8192e/r8192E_core.c: driver removal vs now stale changes - drivers/staging/et131x/et131*: driver consolidation into one file, tried to do fixups 2011-10-23T08:13:20+00:00 Dan Carpenter dan.carpenter@oracle.com 2011-10-20T06:10:09+00:00 urn:sha1:0c849b3c16f4dab5848182868094adeb51210d8b There were no range checks in the original code so the user could write past the end of the array. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2011-10-23T08:13:20+00:00 Dan Carpenter dan.carpenter@oracle.com 2011-10-20T06:09:46+00:00 urn:sha1:0d3eb2b29f116a2be4e042cbab0e14c9957cc8e2 The indents didn't line up at all in the original code. I also fixed a bunch of other white issues as I went along. I changed the comment style and removed some commented out code. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2011-10-19T20:42:48+00:00 Dan Carpenter dan.carpenter@oracle.com 2011-10-18T06:27:25+00:00 urn:sha1:6b7200fe0a59d7bda59e9e028b235b25a137dff9 The original code left it up to the user to decide how much data to copy, but that doesn't work with a fixed size array. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2011-09-27T00:43:44+00:00 Dan Carpenter dan.carpenter@oracle.com 2011-09-23T06:23:22+00:00 urn:sha1:de0920b1fedb4d694fe4732cfc3cccfcd4743f84 Smatch has a new check for Rosenberg type information leaks where structs are copied to the user with uninitialized stack data in them. In this path, the .uLinkRate member doesn't get initialized so I've set it to zero. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>