[patch] telephony: ijx: buffer overflow in ixj_write_cid()
gregkh at linuxfoundation.org
Mon Dec 3 19:10:47 UTC 2012
On Mon, Dec 03, 2012 at 10:05:12PM +0300, Dan Carpenter wrote:
> We get this from user space and nothing has been done to ensure that
> these strings are NUL terminated.
> Cc: stable at vger.kernel.org
> Reported-by: Chen Gang <gang.chen at asianux.com>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> This driver is going to be removed in the 3.8 kernel but the fix is
> needed for 3.7 and older.
Ok, I'll queue it up for 3.7.1 and older stable kernels at that time, as
it's too late for 3.7-final right now, especially as no one is even
using this code :)
More information about the devel