[PATCH 2/2] Staging: bcm: Add size maximum size restrictions for IOCTL_IDLE_REQ
Kevin McKinney
klmckinney1 at gmail.com
Sun Sep 11 22:06:30 UTC 2011
On Sun, Sep 11, 2011 at 4:04 PM, Dan Carpenter <error27 at gmail.com> wrote:
> On Sat, Sep 10, 2011 at 10:23:35PM -0400, Kevin McKinney wrote:
>> >From f228745a844cf56f8d12f06be31a687acd91f653 Mon Sep 17 00:00:00 2001
>> From: Kevin McKinney <klmckinney1 at gmail.com>
>> Date: Sat, 3 Sep 2011 15:15:20 -0400
>> Subject: [PATCH 2/2] Staging: bcm: Add size maximum size restrictions for IOCTL_IDLE_REQ
>>
>> The maximum size is from the maximum size of the control packet
>> in ->Adapter->txctlpacket[] which is allocated in InitAdapter().
>> If we don't cap the max we could get a stack trace from kmalloc()
>> but it's not harmful.
>>
>
> The patch description is not totally accurate. The first chunk caps
> the size of the kmalloc() which is nice, but not a memory corruption
> bug. The second chunk actually corrects a potential memory
> corruption bug which obviously is harmful.
>
I forgot to change this description. I will alter the description and resend.
Thanks,
Kevin
More information about the devel
mailing list